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Avaya-Nortel 
deal  raises 
integration, 
overlap  issues 

BY  JIM  DUFFY  AND  TIM  GREENE 


IF  YOU’RE  A  Nortel  customer,  chart  the 
progress  of  Avaya’s  purchase  of  Nortel’s  enter¬ 
prise  assets  carefully  so  you  are  spared  product 
integration  or  rationalization  surprises. 

Product  overlap,  consolidation  and  subse¬ 
quent  support  are  the  biggest  issues  facing 
Nortel  enterprise  customers  on  the  heels  of 
Avaya’s  $900  million  purchase  of  that  business. 
Avaya  last  week  beat  out  Siemens  Enterprise 
Communications  for  the  asset  and  won  court 
approval  for  the  purchase. 

Now  comes  the  uneasy  task  of  sifting 
through  the  product  portfolio  and  eliminat¬ 
ing  redundancies  —  an  ordeal  that  could  leave 
Nortel  and  even  Avaya  users  —  with  a  short¬ 
ened  lifespan  on  their  investments. 

See  Avaya, page  24 
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Fighting  domain-name  abuse 

Cyber-criminals  game  system  to  fuel  botnets,  phishing  schemes 


BY  ELLEN  MESSMER 


FOR  LEGITIMATE  BUSINESSES,  a  domain  name 
is  a  way  to  hang  a  shingle  in  cyberspace.  In  the  criminal 
world,  domain  names  are  a  key  part  of  botnet  and  phish¬ 
ing  operations,  and  cyber-criminals  are  plundering 
domain-name  registrars  around  the  world  to  get  them. 

Criminals  are  amassing  domain  names  by  registering 
them  under  phony  information,  paying  with  stolen  credit 
cards  or  hard-to-trace  digital  currencies  like  eGold,  and 
breaking  into  legitimate  domain-name  accounts.  To  add 
to  the  problem  of  domain-name  abuse,  some  rogue  regis¬ 
trars  often  look  the  other  way  as  the  money  rolls  in. 

“There’s  absolutely  a  big  problem,”  says  Ben  Butler, 
director  of  network  abuse  at  Go  Daddy,  a  domain-name 
registrar  that’s  authorized  by  the  Internet  Corporation 
for  Assigned  Names  and  Numbers  and  the  appropriate 
ICANN-accredited  registries  to  sell  domain  names  based 


on  the  generic  top-level  domains  (gTLD)  that  include 
.com,  .aero,  .info,  .name  and  .net. 

Go  Daddy  has  36  million  domain  names  under  man¬ 
agement  for  more  than  6  million  customers,  making  it  one 
of  the  largest  registrars.  It  fights  an  around-the-clock  bat¬ 
tle  to  identify  domain-name  abuse,  and  if  a  domain  name 
is  determined  to  be  used  for  harmful  purposes  Go  Daddy 
will  essentially  “kill  the  domain  name,”  Butler  says. 

During  the  suspension  process,  a  malicious  domain 
is  redirected  to  a  non-resolving  server  that  delivers  an 
error  message.  That’s  the  preferred  process  instead  of 
outright  cancellation,  since  it’s  not  always  clear  who  the 
owner  of  a  malicious  domain  is.  “We  investigate  literally 
thousands  of  complaints  on  domain  names  each  week,” 
Butler  says.  “And  we  suspend  hundreds  of  domain 
names  per  week.” 

In  spite  of  all  these  efforts,  criminals  still  slip  through 

See  Abuse,  page  20 


Thinking  outside  the  box 
depends  on  what’s  in  the  box. 

Today,  businesses  are  struggling  to  keep  up  with  the  energy  demands  of  their 
server  rooms.  This  isn’t  simply  a  question  of  cost.  It  is  increasingly  impacting 
day-to-day  operations.  A  recent  study  found  that  an  estimated  half  of  all 
businesses  have  experienced  IT  outages  due  to  power  and  cooling  issues.1 

The  entire  architecture  of  the  IBM  BladeCenter®  HS22  is  designed  to  give  you 
greater  efficiency  at  every  level— from  its  highly  efficient  design  and  Intel®  Xeon® 
Processor  5500  Series  to  its  advanced  management  software,  such  as  IBM  Systems 
Director,  which  actively  monitors  and  limits  power  consumption.  Built-in  sensors, 
such  as  an  onboard  altimeter,  optimize  cooling  based  on  elevation.  All  of  which 
can  add  up  to  93%  in  energy  savings  over  the  previous  generation  of  rack  servers. 

Learn  how  you  can  see  a  return  on  your  investment  in  as  little  as  three  months2 
at  ibm.com/hs22 

Systems,  software  and  services  for  a  greener  planet. 


'Source:  IDC  Market  Analysis  #21 5870,  Volume  1 ,  December  2008,  Worldwide  Server  Energy  Expense  2008-201 2  Forecast.  -  Return  on  investment  and  power  savings  calculation  based  on  1 1 :1  consolidation 
customer  configurations  and  environment.  For  more  information,  visit  www.ibm.com/smarterplanet/claims.  IBM,  the  IBM  logo,  ibm.com  and  BladeCenter  are  trademarks  of  International  Business  Machines 
copytrade.shtml.  Intel,  the  Intel  logo,  Xeon  and  Xeon  Inside  are  trademarks  or  registered  trademarks  of  Intel  Corporation  in  the  United  States  and  other  countries.  ©  International  Business  Machines 


ratio  scenario  of  1 66  Intel  1 U  2  socket  servers  to  1 4  BladeCenter  HS22  servers  and  savings  in  energy  costs,  software  license  fees  and  other  operating  costs.  Actual  costs  and  savings  will  vary  depending  on  individual 
Corp.,  registered  in  many  jurisdictions  worldwide.  Other  product  and  service  names  might  be  trademarks  of  IBM  or  other  companies.  A  current  list  of  IBM  trademarks  is  available  on  the  Web  at  www.ibm.com/legal/ 
Corporation  2009.  All  rights  reserved. 


TURNS 
HACKERS 
NTO  HACKS. 


Todays  business  environment  is  full  of  uncertainty.  It’s  become  harder  than 


ever  to  predict  what  will  happen  next.  One  thing  you  shouldn’t  have  to 


question  is  your  network’s  security.  At  Qwest,  we  provide  tailored  network 


security  solutions  designed  to  help  detect  and  prevent  intru 


can  focus  on  running  your  business  instead  of  worrying  about  its  safety, 


Learn  more  at  qwest.com/business 


Get  Qwest.  Get  Nimble 
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Open  source  management 
tools  get  respect 

Open  source  monitoring  tools  and  manage¬ 
ment  applications  will  soon  enjoy  a  new 
home  online  as  commercial  vendors  and 
open  source  supporters  unveil  a  commu¬ 
nity  devoted  to  the  flexible,  free  IT  software. 
MonitoringForge.org  launched  in  beta  and 
welcomes  developers  and  users  of  open 
source  network  and  systems  management 
and  monitoring  applications  to  share  their 
tools,  experiences  and  plans  for  future  work, 


22  News  Analysis  Virtual  Computer  offers  killer  new  desktop. 

24  News  Analysis  Moving  legacy  applications  to  the  Amazon  cloud. 
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28  Cool  Tools  iTunes’ Home  Sharing  nice,  but  could  be  nicer,  by  keith  shaw 
38  BackSpin  Surveilled  to  death,  by  mark  gibbs 
38  Net  Buzz  T-Mobile  folds  plans  to  charge  for  paper  bills,  by  Paul  mcnamara 
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Beware  online  user  comments 

A  staggering  95% 

"user-generated 
comments”  for 
blogs,  chat 
rooms  and 
message  boards 
online  are  spam 
or  malicious, 
according  to  a 
new  Websense 
report  on  security 
threat  trends. 

More  than  47%  of 
the  Top  100  sites, 
particularly  social¬ 
networking  sites,  such  as  Facebook  or  You¬ 
Tube,  support  user-generated  content,  which 
the  report  notes  is  becoming  a  significant  way 
to  disseminate  malware  and  conduct  fraud. 
“On  Facebook  and  other  social-networking 
sites,  there’s  an  explicit  sense  of  trust,"  says 
Websense's  Patrik  Runald.  “That’s  why  the 
bad  guys  are  attempting  to  exploit  it,  with 
malware  like  Koobface,  which  could  hijack 
your  machine  and  send  messages.” 


Dell  gets  slapped 

Dell  will  pay  $4  million  to 
settle  charges  of  fraudulent 
and  deceptive  business 
practices  brought  against 
the  company  by  New  York’s 
Office  of  the  Attorney  Gen¬ 
eral.  The  New  York  attorney 
general  filed  suit  against  Dell  in 
2007,  charging  that  the  company  misled 
customers  by  charging  high  credit  rates  when 
they  were  promised  cheap  financing.  The 
suit  also  alleged  Dell  didn’t  provide  custom¬ 
ers  with  full  details  of  its  next-day  service 
program  and  didn’t  deliver  promised  rebates 
and  warranties. 
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PEERSAY 


Heard  it  all  before 

Dear  vendor  (http://tinyurl.com/prm9df): 

The  heart  of  the  matter  is  that  vendors  delib¬ 
erately  keep  pricing  secret  because  that  way 
they  can  nickle  and  dime  you. 

More  and  more  vendors  are  selling  their 
products  at  a  low  price,  but  charging  heavily  on 
the  back  end  for  things  like  support,  licenses, 
features  and  so  on.  When  each  feature  has 
its  own  pricing  and  licenses  are  based  on  the 
number  of  users,  connections,  etc.,  run  as  fast 
as  you  can. 

It’s  gotten  to  the  point  that  the  vendor  has  to 
have  a  30-minute  conversation  with  the  cus¬ 
tomer  to  explain  just  the  licensing,  never  mind 
the  function  of  the  product. 

David 

Nortel  product  support 
will  slip  away 

Re:  Nortel  users  should  hope  for  best,  prepare 
for  worst  (http://tinyurl.com/ovvjzk): 

Support  and  development  on  the  Nortel  prod¬ 
ucts  are  going  to  be  reduced,  there  is  no  way 
around  it.  Why  have  competing  product  port¬ 
folios?  Obviously,  they  will  “support”  the  Nortel 
gear  for  just  as  long  as  they  need  to  integrate  it 
into  the  Avaya  offerings. 

Additionally,  Nortel  talent  has  been  jump¬ 
ing  off  that  ship  for  a  while,  and  now  it  is  like 
the  Titanic  with  the  stern  up  in  the  air  slowly 
slipping  into  the  water. . .  my  five-year  plan  is 
to  look  for  other  vendors  as  I  don’t  like  Avaya, 
hence  the  reason  I  never  bought  them  to  begin 
with.  I  think  Cisco  is  going  to  be  the  big  winner 
in  this  debacle. 

Anonymous 

Support  is  key  whether 
2  or  3  tiers 

Re:  10G  Ethernet  shakes  net  design  to  the  core 
(http://tinyurl.com/ofyzg5): 

The  bottom  line  is  that  you  have  to  be  flex¬ 
ible  when  building  a  network,  whether  2  or  3 
tier.  One  aspect  that  always  seems  to  be  for¬ 
gotten  when  building  out  any  network  is  the 
ongoing  support  and  how  will  equipment  be 


administered  —  all  boxes  break,  all  apps  have 
problems,  maintenance  is  always  needed.  I  cur¬ 
rently  run  a  huge  network  and  can  afford  very 
little  downtime.  Vendors  always  pitch  speeds/ 
high  performance  modules,  but  very  few  ever 
talk  about  operational  efficiencies. 

Anon 

Talk  about  adding  complexity  when  what  we 
really  need  is  simplicity.  Cisco’s  Nexus  is  great  for 
Cisco  to  sell  more  switches  —  five  new  switches 
where  you  used  to  need  only  three.  Not  so  good 
for  the  customer  looking  to  delayer  and  simplify. 

Once  again  —  Great  Cisco  marketing.  Prod¬ 
ucts?  Not  so  much. 

Anon 

Apple  makes  poor  call  on  iPhone 

Re:  Apple  betrays  the  iPhone’s  business  hopes 
(http://tinyurl.com/q8gesj): 

Nothing  new.  Remember,  Apple  at  one  point 
licensed  its  OS.  What  happened  to  the  investors 
and  employees  on  the  company  that  staked  its 
future  in  that  license?  Remember  when  Apple 
pulled  all  serial  ports  and  added  USB  ports?  I 
was  on  the  sales  queue  when  the  calls  started 
coming  in  from  irate  users  with  large  invest¬ 
ments  in  serial  devices  that  were  suddenly  only 
so  much  junk.  At  the  time  serial  to  USB  convert¬ 
ers  were,  basically,  unavailable. 

I  started  on  Macs,  but  will  not  go  back.  I’d  con¬ 
vert  to  Linux  first.  In  fact  will  probably  build  my 
kids  a  Linux  desktop  this  winter. 

Anon 

A  green  idea  for  T-Mobile 

Re:  T-Mobile  backs  off  plan  to  charge  $1.50  for 
paper  bill  (http://tinyurl.com/o7ks2u) 

T-Mobile  gets  a  tax  writeoff  for  donating,  so 
donate  $3  per  month  to  conservation  organiza¬ 
tions  (which  should  be  about  $1.50  after  the  tax 
break). 

Donate  only  to  organizations  that  actually  do 
something,  like  plant  trees,  conserve  wildlife,  etc. 
Let  consumers  vote  for  which  organizations  will 
get  the  donations. 

Anon 
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increased  web  use  Has  Given  Rise  to  increased  web  Threats 


■  New  research  reveals  that,  although  senior  IT  managers  are  taking  steps  to  protect  their 

enterprises  against  Web-related  threats,  they  are  not  doing  enough. 


While  the  Web  offers  incredible  opportunities  for  compa¬ 
nies  to  increase  employee  productivity,  enable  mobility 
and  drive  down  business  costs,  it  has  become  a  breeding 
ground  for  a  wide  variety  of  security  threats. 

Organizations  are  increasingly  using  the  Web  for  docu¬ 
ment  creation,  storage,  sales  force  automation  and  a 
host  of  other  capabilities.  And  users  are  accessing  these 
applications  from  a  range  of  endpoints:  desktops,  lap¬ 
tops,  netbooks,  smartphones,  home  computers,  personal 
mobile  phones,  etc. 

The  problem  is  that  growth  of  malware  is  rising  exponen¬ 
tially— faster  than  companies  can  protect  their  systems 
and  data.  Unfortunately,  organizations  are  not  sufficiently 
deploying  the  latest  technologies  to  address  these  Web 
threats,  according  to  new  research  from  IDG  Research 
Services,  in  conjunction  with  Network  World  magazine. 

The  survey— of  senior  IT  managers  across  the  U.S.,  in  en¬ 
terprises  with  1,000  or  more  employees— has  found  that 
these  decision-makers  rely  too  heavily  on  technologies 
that  cannot  adequately  address  the  rapidly  changing  na¬ 
ture  of  Web-related  risks.  Further,  they  are  not  managing 
Web  threats  as  efficiently  or  inexpensively  as  they  could. 

The  result  is  that  companies  are  exposing  themselves  to 
a  variety  of  threats,  including  the  compromise  of  access 
credentials  to  corporate  systems;  loss  of  customers' 


important  Factors  when  selectingAVendor 


Malware  filtering  and 
security  effectiveness 

Manageability  and  scalability 
Network  implementation 
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Reporting  capabilities 
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Source:  IDG  Research  Services,  June  2009 


personal  information;  and,  potentially,  millions  of  dollars  in 
fines,  legal  judgments  and  remediation  costs. 

WEB  DEFENSES  ARE  NOT  ADEQUATE 
Indeed,  senior  IT  managers  recognize  their  efforts  have 
room  for  improvement:  41  percent  say  their  Web  gateway 
protection  is  only  somewhat,  not  very  or  not  at  all  effective. 

Ironically,  50  percent  view  their  Web  gateway  as  effective 
at  reducing  non-business-related  Internet  use,  while  76 
percent  believe  that  the  accuracy  of  their  website  classifi¬ 
cations  for  URL  filtering  is  either  good  or  excellent.  Despite 
this  seemingly  good  result,  the  data  implies  that  companies 
are  relying  on  URL  filtering  too  much.  While  URL  filtering  is 
a  useful  adjunct  to  a  primary  system  that  protects  against 
Web  threats,  it  does  not  have  the  ability  to  safeguard 
against  ever-changing  and  zero-hour  threats. 

Another  disturbing  trend  is  that  many  companies  are 
spending  significant  amounts  on  Web  gateway  solutions. 
They  are  averaging  $18.58  per  user  for  Web  gateway  solu¬ 
tions,  and  their  IT  staffs  are  spending  an  average  of  31  hours 
per  week  to  manage  them.  This  data  reveals  that  many 
organizations  have  not  focused  sufficiently  on  methods  and 
technologies  that  can  reduce  their  Web  security  costs. 

Also  worrisome  is  that  most  IT  managers  report  that  facili¬ 
tating  compliance  and  minimizing  legal  liability  is  their  num¬ 
ber  one  challenge  with  respect  to  Web  gateway  security. 

Companies  are  continually  exposed  to  a  wide  and  grow¬ 
ing  variety  of  Web  threats.  The  situation  is  only  going  to 
become  more  challenging.  So,  it's  critical  that  IT  managers 
find  ways  to  sufficiently  protect  their  IT  infrastructures 
while  at  the  same  time  improving  security  management 
and  lowering  costs. 


For  further  research  results  and  considerations  for  deci¬ 
sion  makers,  download  the  white  paper  "Addressing  Web 
Threats"  at  www.networkworld.com/ 
whitepapers/trend,  websecurity 
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The  power  of  a  virtualized  enterprise. 
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BLOGOSPHERE 

■  10  in  IPv6  does  not  equal  10  in  IPv4. 

Network  World  blogger  Scott  Hogg  encoun¬ 
tered  a  funny  situation  this  past  week  while 
deploying  IPv6  on  a  tunnel  interface.  He 
realized  that  when  you  use  10  for  the  most 
significant  digits  in  an  IPv6  address  it  does 
not  mean  that  is  the  10th  address  in  that 
network.  We  are  trained  to  think  in  terms 
of  decimals  from  the  very  beginning  of  our 
education  as  children.  Breaking  out  of  that 
mindset  and  thinking  in  hexadecimal  is  an 
essential  skill  for  operating  a  network  in  an 
IPv6  world.  As  you  may  know,  IPv6  addresses 
are  128  bits  in  length  (compared  to  32-bit 
IPv4  addresses).  Because  IPv6  addresses 
are  so  long  they  are  typically  written  in  eight 
segments  or  “chunks”  of  four  hexadecimal 
digits.  When  we  configured  our  end  of  the 
tunnel  to  the  service  provider  the  tunnel 
interface  came  operational.  The  service 
provider’s  tunnel  interface  also  became 
active.  However,  we  couldn’t  ping  across 
the  tunnel  to  each  other’s  IPv6  address.  It 
took  us  about  30  minutes  to  realize  that 
2001:db8:100:200:300::0010  was  not  the 
correct  address  and  we  should  have  been 
using  2001:db8:100:200:300::000A.  When 
we  write  out  the  address  with  the  leading 
zeros  it  is  easier  to  see  our  mistake.  We  were 
stunned  when  it  finally  sank  in  that  A  was 
the  hex  equivalent  of  10  in  decimal.  The  hex 
equivalent  of  0010  in  decimal  is  16.  As  soon 
as  we  configured  the  one  end  of  the  tunnel 
with  the  “A"  address  all  the  routing  became 
fully  operational,  http://tinyurl.com/kshw3b) 

■  Can  Google  meet  government  cloud 
demands?.  Network  World  Senior  Editor  Jon 
Brodkin  notes  that  the  federal  government 

is  launching  headfirst  into  the  cloud  —  and 
Google  is  positioning  itself  to  grab  a  large 
chunk  of  Uncle  Sam's  business.  But  can 
Google  meet  government  demands  for  secu¬ 
rity  and  uptime?  Google  last  week  announced 
a  new  set  of  cloud  services  for  government 
agencies,  the  same  day  that  White  House 
CIO  Vivek  Kundra  unveiled  a  Web  site  from 
which  federal  agencies  can  purchase  online 
applications  and  computing  services,  the  IDG 
News  Service  reports.  Inefficiency  is  a  big 
driver  of  the  government  cloud  push.  Setting 
up  a  blog  cost  the  U.S.  Transport  Safety 
Administration  $600,000,  whereas  consum¬ 
ers  can  set  up  personal  blogs  with  nothing 
more  than  an  Internet  connection  and  Web 
browser.  The  government  spends  $75  billion 
on  IT  each  year  and  wants  to  find  inexpensive 
ways  to  deliver  computing  services  to  users. 
Google  may  have  to  bolster  the  reliability 
of  its  cloud  services  to  meet  government 
demands,  http://tinyurl.com/l3ndmt 


ITVIDEO 


Interviews,  the  Coolest  Tools  and  More 


IDG  News  Wire 

Motorola  launches 
the  Cliq/Dext 


IDG  News  Wire 

Presidential 

warning 


IDG  News  Wire 

Eli  investigates 
online  activity 


The  touchscreen  phone  is 
being  targeted  at  users  of 
social  networking  services 
and  will  use  a  Motorola  plat¬ 
form  called  MotoBlur. 
http://tinyurl.com/mssvp9 


President  Obama  tells  chil¬ 
dren  to  be  careful  what  they 
post  online. 

http://tinyurl.com/nd7j98 


More  than  half  of  all  online 
sellers  of  consumer  electron¬ 
ics  in  the  European  Union  are 
suspected  of  having  broken 
consumer  protection  laws. 
http://tinyurl.com/mh75q2 
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Top  5  best  practices  for 
firewall  administrators 


IT  Best  Practices:  At  the  recent  Defcon  17 
conference  in  Las  Vegas,  Tufin  Technologies 
conducted  a  survey  among  79  hackers,  asking 
about  their  hacking  habits.  According  to  the 
survey  results,  the  hacking  business  is  just 
coming  off  its  summer  break  and  gearing  up 
for  the  busy  Christmas  holiday  season,  so  you’d 
better  get  ready.  More  than  half  of  the  respon¬ 
dents  say  Christmas  is  the  best  time  to  engage 
in  corporate  hacking,  and  25%  specifically 
identify  New  Year’s  Eve  as  a  great  night  for 
hacking.  Although  hackers  don’t  mind  working 
holidays,  they  seem  to  prefer  having  weekends 
off.  The  survey  revealed  that  52%  of  the  respon¬ 
dents  tend  to  work  on  weekday  evenings,  but 
just  15%  do  their  dirty  work  on  weekends.  You 
can’t  say  that  hackers  lack  confidence  in  their 
abilities.  Ninety-six  percent  of  the  respondents 
say  it  doesn’t  matter  how  many  millions  of 
dollars  a  company  spends  on  its  IT  security 
systems;  it’s  all  a  waste  of  time  and  money  if  the 
IT  security  administrators  fail  to  configure  and 
watch  over  their  firewalls.  Eighty-six  percent 
of  respondents  felt  they  could  successfully 
hack  into  a  network  via  the  firewall;  a  quarter 
believed  they  could  do  so  within  minutes, 
and  14%  within  a  few  hours.  Sixteen  percent 


wouldn’t  hack  into  a  firewall  even  if  they  could. 

http://tinyurl.com/nmbab2 

Network  Management:  Wes  Wright  realized 
to  achieve  complete  visibility  of  his  organiza¬ 
tion’s  application  stack  and  gain  insight  into 
end-to-end  performance  from  the  user  perspec¬ 
tive  that  he  would  have  to  overhaul  the  moni¬ 
toring  tools  at  Seattle  Children’s  Hospital  in 
Washington.  The  vice  president  and  CTO  had 
past  experience  with  Concord  Communica¬ 
tions’  technology  and  a  slew  of  engineers  from 
management  software  maker  CA.  He  decided 
to  invest  with  the  vendor  to  overhaul  Seattle 
Children’s  Hospital  monitoring  systems.  Mov¬ 
ing  from  a  scattered  approach  using  multiple 
tools  from  Cisco  to  WhatsUp  Gold,  Wright 
installed  CA  Spectrum  Infrastructure  Manager 
and  CA  eHealth  Performance  Manager.  CA  also 
recently  acquired  more  network  management 
capabilities  with  NetQoS.  “We  are  building 
an  application  stack  that  will  monitor  both  the 
network  viability  of  getting  to  the  application 
and  putting  a  system  in  place  that  will  tell  us 
not  only  is  the  network  alive  but  are  the  appli¬ 
cations  alive,”  Wright  says. 
http://tinyurl.com/mk4lmm 
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The  end  of  phone  tag.  Turn  your  desk  phone  and  mobile  phone  into  one  with 
Sprint  Mobile  Integration.  You’ll  have  one  number,  one  voicemail  and  one  easy  way  to  control 
mobile  usage.  Simplify  the  way  your  company  stays  in  touch.  Make  it  easier  for  clients  to  reach 
you.  And  reduce  company  telecom  expenses.  Less  dialing,  happier  clients.  Productivity  starts  now. 

1-866-653-1056  sprint.com/convergence 
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United  States  retains  IT  edge, 
but  broadband  needs  work 


IQ  he  United  States  still  ranks  first  in  the  IT  industry  competitiveness 
index,  but  the  lack  of  a  broadband  infrastructure  and  tightened  immi¬ 
gration  policies  could  threaten  its  lead,  according  to  an  annual  study 
sponsored  by  the  Business  Software  Alliance.  Finland,  Sweden,  Canada, 
the  Netherlands,  the  United  Kingdom,  Australia,  Denmark,  Singapore 
and  Norway  follow  the  U.S.  as  the  10  most  competitive  nations  in  the  IT  field.  The 
study  takes  into  account  factors  such  as  supply  of  skilled  workers,  technology 
infrastructure,  intellectual-property  protection  and  a  government  that  promotes 
technology.  Several  reasons  helped  the  United  States  come  out  on  top,  includ¬ 
ing  a  large  pool  of  qualified  IT  workers,  a  good  R&D  environment  and  a  strong 
legal  system.  But  it  dropped  from  second  to  seventh  place  in  the  infrastructure 
category  because  some  parts  of  the  country  need  better  access  to  high-speed  net¬ 
works,  the  BSA  said,  http://tinyurl.com/lm6h67 


Curious  George’s  latest  mischief: 
malware.  The  Public  Broadcast¬ 
ing  System’s  Web  site  has  been 
infected  at  a  section  related  to  the 
Curious  George  children’s  TV 
show.  When  the  fake  authentica¬ 
tion  page  doesn’t  work  for  the 
user,  it  tries  to  drop  malware  on 
them,  researchers  say.  The  attacks 
include  attempts  against 
known  vulnerabilities  in 
Acrobat  Reader,  an  AOL 
ActiveX  control,  Apple  Quick¬ 
Time  and  others.  There  are 
patches  to  correct  these 
application  vulnerabilities 
but  if  the  user  hasn’t  applied 
the  patches,  the  exploit 
observed  by  Purewire  at 
the  PBS.org  Web  site  could 
be  successful  in  install¬ 
ing  malicious  code  on  the 
victim’s  desktop  computer. 

The  number  of  malicious 
Web  sites  has  more  than 
tripled  in  the  first  half  of 2009,  and  77%  of 
Web  sites  with  malicious  code  are  legitimate, 
trusted  sites  that  have  been  compromised, 
according  to  Websense  Security  Labs’  latest 
report,  http://tinyurl.com/nhn637 

Adobe  to  buy  Omniture  for  $1.8  billion. 

Adobe  has  agreed  to  buy  Web  analytics 
company  Omniture  for  $1.8  billion  in  cash, 
representing  a  45%  premium  over  Omniture’s 
average  closing  price  for  the  last  30  trading 
days.  Adobe,  known  for  multimedia  design, 
Web-development  and  document-creation 
software  such  as  Flash,  Dreamweaver  and 
Acrobat,  said  the  purchase  will  help  the 
company  add  Web  analytics  and  optimization 
capabilities  directly  to  those  products.  The 


deal  will  put  Adobe  a  step  ahead 
of  other  companies  creating  tools 
for  developing  digital  content,  says 
John  Lovett,  a  senior  analyst  at  For¬ 
rester.  Research  “The  combination 
of  these  two  technologies  makes 
sense  -  it’s  the  creative  meeting  the 
measurement  side  of  things,”  he 
says.  The  deal  creates  a  “big 
opportunity”  to  allow  content 
creators  to  potentially  measure 
the  impact  of  everything  they 
do,  Lovett  adds.  http://tinyurl. 
com/mxz7p7 

Cisco  forms  smart  grid  ecosys¬ 
tem.  Cisco  is  lining  up  partners  in 
its  smart  grid  initiative,  an  effort 
to  upgrade  utility  information 
infrastructures  with  Cisco  routers 
and  switches.  Cisco  is  creating 
the  Cisco  Smart  Grid  Ecosystem 
to  help  accelerate  the  adoption 
of  IP  for  utility  communications 
networks.  The  members  of  the 
ecosystem  include  system  integrators, 
technology  vendors,  power  and  utility  inte¬ 
grators,  service  providers  and  other  vendors 
that  represent  various  elements  of  the  smart 
grid  infrastructure,  Cisco  says.  The  ecosys¬ 
tem  has  27  companies,  including  Accenture, 
Cable&Wireless,  Capgemini,  EMC,  General 
Electric,  Oracle,  SAIC,  Siemens,  Verizon  and 
Wipro.  Interestingly,  IBM  is  not  on  the  list 
even  though  Cisco  and  IBM  are  engaged  in 
a  smart  grid  project  in  Amsterdam,  http:// 
tinyurl.com/lln257 

PC  demand  takes  off  ahead  of  Windows 

7.  People  are  snapping  up  new  desktop  and 
laptop  PCs  long  before  the  launch  of  Windows 
7,  a  sign  of  strong  demand  in  the  market. 


analysts  say.  Demand  for  PCs  improved  in 
July  and  August,  which  is  “something  special, 
because  the  expectation  was  that  many  people 
would  delay  purchases  until  after  Win  7  came 
out  in  October,”  said  Manish  Nigam,  head  of 
technology  research  in  Asia  for  Credit  Suisse. 
PC  shipment  growth  declined  for  six  straight 
months,  from  the  beginning  of  the  fourth 
quarter  of  last  year  through  the  end  of  the  first 
quarter  of  this  year,  iSuppli  said  in  a  report 
this  month.  Sequential  growth  returned  in 
the  second  quarter  and  will  continue  for 
the  rest  of  this  year  as  the  global  economy 
continues  to  recover  and  Win  7  launches,  the 
market  researcher  said,  http://tinyurl.com/ 
mwvqam 

Lawmakers:  Technology  is  needed  to  moni¬ 
tor  US  bailout.  The  U.S.  government  needs  to 
embrace  new  technology  to  provide  missing 
oversight  of  a  huge  bailout  of  the  U.S.  financial 
industry,  several  lawmakers  and  tech  vendors 
said  last  week.  The  government  is  doing  very 
little  to  track  spending  and  repayments  under 
the  Troubled  Asset  Relief  Program  (TARP), 
said  Rep.  Stephen  Lynch,  a  Massachusetts 
Democrat.  “We  have  to  figure  out  a  way  that 
we  can  provide  transparency  and  account¬ 
ability  to  the  American  taxpayer,”  Lynch  said 
during  a  hearing  before  the  House  Financial 
Services  Committee’s  Subcommittee  on  Over¬ 
sight  and  Investigations.  Information  about 
TARP  funding  is  collected  by  25  U.S.  govern¬ 
ment  agencies,  and  a  central  database  would 
allow  better  oversight  of  the  program,  said 
Rep.  Carolyn  Maloney,  a  New  York  Democrat. 
Representatives  of  four  tech  vendors  told  the 
subcommittee  that  the  technology  exists  to 
track  and  analyze  the  TARP  funds,  http:// 
tinyurl.com/n7jf5a 

Three  data  storage  start-ups  buck  trend. 

Three  data  storage  start-ups  have  landed 
more  than  $28  million  in  first-round  funding 
from  venture  capitalists,  a  rare  feat  in  today’s 
economy.  The  multi-million  dollar  financing 
went  to  Avere  Systems,  a  network-attached 
storage  company  that  netted  $15  million; 
GreenBytes,  a  de-duplication  vendor,  that 
raised  $8  million;  and  Sonian,  maker  of  an 
e-mail  archiving  and  disaster-recovery  ser¬ 
vice  that  secured  $5.6  million.  Venture  capital¬ 
ists  have  dramatically  reduced  spending  on 
computer  networking  companies  in  the  past 
couple  years.  Early  stage  vendors  have  suf¬ 
fered  because  a  lack  of  successful  initial  public 
offerings  and  acquisitions  has  forced  inves¬ 
tors  to  put  resources  into  existing  companies 
longer  than  expected.  “In  the  current  economy, 
the  bar  on  new  investments  is  extremely  high,” 
said  John  Jarve,  Menlo  Ventures  managing 
director,  in  the  Avere  announcement,  http:// 
tinyurl.com/kpxqua 
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NEC  GIVES  CURVE  WHAT 
IT  NEEDS  -  EFFICIENT 
COMMUNICATIONS. 

The  ultra-modern  Curve  in  the  heart  of  the  UK,  has  a 
highly-innovative  communications  platform.  This 
software-based  IP  platform  supports  every  aspect  of 
the  Curve's  operations,  integrating  fixed  and  wireless 
systems  with  ticketing  and  other  business  applications. 
Unified  communications  has  enabled  the  theatre  to 
achieve  operational  efficiency  and  deliver  a  i 
customer  experience.  Ruth  Eastwood  says,  "Beir 

one  of  the  theatre's  drivers.  NEC  technologies  of 

f 

theatre  both  flexibility  and  value  for  the 
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Learn  how  NEC  can  partner  with  your 
company  at  www.nec.com/cases/curve 
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SPECI  AL  FOCUS  DATA  LOSS  PREVENTION 


Sticker  shock  over  data-loss  wares 

New  DLP  competitors,  options  could  make  security  technology  more  affordable 


BY  ELLEN  MESSMER 


Data-loss  prevention  products  can  potentially  save  organizations  a 
bundle  by  preventing  the  escape  of  sensitive  information.  But  the 
six-figure  starting  price  for  a  typical  enterprise  deployment  of  host 
and  gateway-based  DLP  is  tough  for  many  to  swallow.  The  good 
news  is  that  prices  are  expected  to  fall  heading  into  next  year  as  more 
vendors  enter  the  fray  and  more  choices  for  how  to  roll  out  DLP  emerge. 


If  you’re  dealing  with  a  couple  thousand 
seats  for  DLP,  expect  $250,000  to  half  a 
million,”  says  Forrester  Research  analyst 
Andrew  Jacquith.  “But  we  will  see  price  ero¬ 
sion  because  of  competition.” 

Of  course,  vendors  are  fond  of  pointing  out 
that  even  today’s  prices  aren’t  too  high  when 
you  consider  the  cost  of  responding  to  a  data 
breach.  A  Ponemon  Institute  study  has  tagged 
this  at  more  than  $6  million  on  average,  or 
$202  per  customer  record,  plus  the  loss  of 
good  reputation  and  possible  lawsuits. 

The  market  to  prevent  data  leaks 
got  going  in  the  early  2000s  and  has 
gained  momentum  of  late,  though 
even  successful  vendors  still  tend 
to  boast  of  customer  numbers  in  the 
hundreds  rather  than  thousands.  The 
market  is  dominated  by  traditional 
antimalware  vendors  that  bought 
out  DLP  start-ups,  though  indepen¬ 
dents  such  as  Verdasys  remain  in  the 
mix  as  well.  Newcomers  will  include 
antimalware  vendor  Sophos,  which  is 
expected  this  fall  to  introduce  a  DLP 
offering  of  its  own. 

Jacquith  says  when  enterprises 
determine  an  immediate  need  for 
DLP,  the  usual  course  has  been  to  first 
turn  to  a  security  vendor  they  already 
rely  on  for  other  things. 

“If  it’s  a  big  McAfee  shop  or  a 
Symantec  shop,  they’ll  look  there 
first,”  he  says.  In  Forrester’s  analysis,  the 
market  leaders  are  Websense,  McAfee, 
Symantec,  CA,  EMC  security  division  RSA 
and  Verdasys. 

In  addition  to  DLP  becoming  available 
from  more  vendors,  it  will  wind  up  getting 
embedded  in  existing  software  and  hardware, 
including  switches,  servers  and  even  laptops. 
It  may  all  lead  to  the  “content-aware  enter¬ 
prise,”  a  phrase  coined  by  Gartner  analyst 
Eric  Ouellet,  who  says,  “It’s  about  sprinkling 
DLP  everywhere.” 

For  those  investing  in  DLP  today,  the  need 


is  straightforward. 

“We  need  to  protect  patient  information  or 
other  business  information,”  says  Larry  Whi¬ 
teside,  CISO  at  New  York  City-based  Visiting 
Nurses,  which  has  13,000  employees,  with 
3,500  nurses  providing  home  assistance  and 
facilitating  hospital  transition  care  for  some 
30,000  patients  in  the  greater  New  York  area. 

Visiting  Nurses,  which  had  already  been 
making  use  of  the  Websense  Security  Gate¬ 
way,  recently  added  the  vendor’s  DLP  gate¬ 
way  functionality.  Using  the  DLP  discovery 


DLP  consolidation 

How  vendors  have  bought  into  data- 
loss  prevention  in  recent  years 


Buyer 

DLP  start-up  (when  acquired) 

CA 

Orchestria  (January,  2009) 

McAfee 

Reconnex  (August,  2008) 

RSA 

(Security 
division  of  EMC) 

Tablus  (October,  2007) 

Symantec 

Vontu  (December,  2007) 

Trend  Micro 

Provilla  (October,  2007) 

Websense 

PortAuthority  (January,  2007) 

tool  (technology  deriving  from  Websense’s 
acquisition  of  PortAuthority  in  2007),  Visit¬ 
ing  Nurses  has  determined  where  sensitive 
data  is  located  in  its  30  file  servers  for  the 
purpose  of  detecting  and  blocking  breaches, 
including  inadvertent  ones. 

Plans  are  to  add  DLP  data-blocking  capa¬ 
bility  into  mobile  computers  used  by  nurses. 
Any  alerts  would  be  collected  into  the  firm’s 
Symantec  security-event  management  sys¬ 
tem,  Whiteside  says. 

“If  a  user  attempts  to  send  a  file,  we  would 
want  it  stopped  at  the  gateway,  with  an  alert 


generated  and  sent  to  the  [management  sys¬ 
tem],”  he  says. 

Support  from  business  managers  for  DLP 
has  been  solid,  especially  as  the  IT  depart¬ 
ment  is  also  under  constant  pressure  to  grant 
more  open  access,  Whiteside  says.  “From  the 
data  stewardship  standpoint,  it’s  on  my  staff 
to  make  sure  people  are  doing  what  they’re 
supposed  to  do,”  he  notes,  adding  he  does 
expect  it  to  take  up  to  half  a  year  to  deploy 
DLP  widely  as  business  processes  are  closely 
scrutinized. 

And  DLP  does  nothing  if  not  give  an  orga¬ 
nization  a  clear  picture  of  how  content  gets 
distributed  internally  and  to  the  outside. 
“The  visibility  you  get  is  incredibly  useful,” 
Jacquith  notes.  “Some  people  even  talk  about 
using  it  for  chargeback.” 

DLP  shortcomings 

While  the  accuracy  of  DLP  products  is 
regarded  as  good,  the  tools  aren’t  impervi¬ 
ous  to  being  tricked.  James  Wingate,  director 
of  the  Steganography  Analysis  & 
Research  Center  in  Fairmont,  WVa., 
says  it’s  possible  to  hide  a  file  inside 
another  using  steganography  tools 
and  “DLP  tools  will  not  detect  it.” 

Dave  Meizlik,  director  of  product 
marketing  at  Websense,  acknowl¬ 
edges  data  hidden  through  steg- 
anographic  tricks  may  slip  through 
a  DLP  system.  Encryption  also  is 
problematic  in  that  a  scrambled  doc¬ 
ument  would  have  to  be  decrypted 
to  have  its  content  inspected.  In 
some  cases,  that  can  be  set  up  under 
an  authorized  encryption  method. 
Documents  that  have  been  encrypted 
with  unauthorized  methods  could  be 
flagged  as  suspicious. 

Gijo  Mathew,  vice  president  of 
security  management  at  CA,  which 
acquired  DLP  start-up  Orchestria 
last  January,  says  encryption  can  be  regarded 
as  a  weak  point  in  DLP  today.  “If  it  can’t  read 
it,  it  can’t  analyze  it  to  block  it.” 

In  fact,  the  role  of  encryption  looms  large 
in  DLP,  with  the  more  sophisticated  systems 
designed  to  block  and  hand  off  e-mail  that 
should  be  encrypted  to  other  security  prod¬ 
ucts  the  organization  might  use.  CA  DLP,  for 
instance,  works  with  products  from  Voltage, 
PGP  and  Bit  Armor  so  data  tagged  as  sensitive 
can  be  automatically  handed  off  for  encryp¬ 
tion  before  transmission. 

See  DLP page  18 
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NEWSLETTER:  WIRELESS  ALERT 


Wi-Fi  to  fill  mobile  WAN  gaps 

AT&T,  others  to  supplement  3G/4G  with  Wi-Fi  capacity 


BY  JOANIE  WEXLER 


As  AT&T  prepares  yet  again  to  upgrade 
its  HSPA  7.2  3G  access  and  backhaul 
networks  in  the  United  States,  the 
word  is  that  some  mobile  network 
operators  will  eventually  look  to 
offload  some  of  their  spiraling  mobile  data  traf¬ 
fic  onto  Wi-Fi  networks.  It’s  not  clear  just  yet 
exactly  what  kind  of  experience  such  a  move 
would  deliver  to  users,  but  it  makes  sense  for 
major  operators  with  both  types  of  networks 
to  supplement  their  mobile  WANs  with  Wi-Fi 
where  they  need  the  bandwidth. 

That  seems  relevant  for  AT&T,  which  is 
the  sole  distributor  of  the  Apple  iPhone  in  the 


United  States,  a  device  that  is  at  least  perceived 
to  place  unprecedented  and  unanticipated  loads 
on  the  carrier’s  network.  Even  so,  however,  a 
recent  Gartner  study  did  indicate  that  all  four 
major  U.S.  carriers’  3G  networks  have  failed  to 
deliver  on  customer  throughput  expectations. 

In  fact,  enabling  access  to  AT&T’s  Wi-Fi  net¬ 
works,  which  comprises  20,000  hotspots  across 
50  states,  is  a  stated  component  of  the  carrier’s 
latest  upgrade  initiative.  It  aims  to  allow  cus¬ 
tomers  to  use  the  “best  available”  AT&T  mobile 
broadband  connection  wherever  they  happen  to 
be,  according  to  the  company. 

Carriers  who  want  to  shift  traffic  on  and  off 
Wi-Fi  networks  to  provide  better  throughput 
will  need  to  figure  out  some  way  to  make  that  a 


seamless  user  experience. 

For  example,  users  with  a  universal  client 
connectivity  application,  from  companies  such 
as  service  aggregator  iPass,  can  “transfer”  from 
a  3G  mobile  data  network  to  a  Wi-Fi  network 
fairly  easily,  but  the  process  does  require  a  few 
user  clicks.  Ultimately,  what  would  be  desirable 
would  be  for  the  underlying  provider  to  place 
user  traffic  and  sessions  on  the  “best”  wire¬ 
less  network  available  at  the  time  without  the 
user  having  to  fuss  about  it  or  worry  about  rate 
changes. 

Wexler  is  an  independent  technology  writer/ 
editor  in  Silicon  Valley.  She  can  be  reached  at 
joanie@jwexler.com. 


WHAT  ARE  IT  MANAGERS  SAYING 

ABOUT  MAINFRAME?  TURN  THE  PAGE...  Software 
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REVOLUT1  %  )NA  1 1 1  IVIAIN  FRAME  MANAGEMENTi 

LIMITATIONS  HAVE  CRUMBLED. 


Introducing  CA  Mainframe  2.0,  a  revolution  with  roots  grounded  in  more  than  30  years  of 
commitment  to  the  mainframe  and  destined  to  change  the  way  the  mainframe  is  managed  forever. 
The  time  has  come  to  automate  processes  in  pursuit  of  your  freedom  — freedom  to  make  your 
mainframe  work  harder  so  your  staff  can  work  smarter.  That's  the  power  of  lean. 

Learn  more  at  ca.com/mainframe2/value 

Copyright  ©  2009  CA.  All  rights  reserved. 


NETINSIDER  BY  SCOTT  BRADNER 


Will  Google  plan  emit  enough  of  a  siren  song? 


A  NUMBER  OF  people  in  the  news  business 
seem  to  hate  Google.  A  few  years  ago  newspa¬ 
pers  in  Belgium  sued  the  search  giant  to  get 
Google  to  stop  telling  the  world  about  them,  and  recently  the  editor  of  the 
Wall  Street  Journal  called  Google  a  parasite. 

Methinks  the  Journal  editor  doth  protest  too  much.  In  addition,  Google 
may  be  getting  ready  to  offer  newspapers  a  micropayment  tool  that  may 
speed  their  demise. 

In  an  interview  published  in  The  Australian,  (found  using  Google  News) 
Robert  Thomson,  the  editor  of  the  Wall  Street  Journal,  went  on  a  real  anti- 
Google  rant.  He  said,  “[T]here  is  no  doubt  that  certain  websites  are  best 
described  as  parasites  or  tech  tapeworms  in  the  intestines  of  the  inter¬ 
net.”  He  continued:  “It’s  certainly  true  that  readers  have  been  socialised 
—  wrongly  I  believe  —  that  much  content  should  be  free....  And  there  is  no 
doubt  that’s  in  the  interest  of  aggregators  like  Google  who  have  profited 
from  that  mistaken  perception.  And  they  have  little  incentive  to  recognise 
the  value  they  are  trading  on  that’s  created  by  others.” 

Strong  words.  But  the  Journal’s  actions  speak  louder  than  its  words.  The 
news  outfit  could  easily  install  a  robots.txt  file  to  stop  Google  from  includ¬ 
ing  the  Wall  Street  Journal  in  Google  news,  but  it  looks  like  it  has  not  done 
so.  The  Journal  might  argue  that  it  should  not  have  to  do  anything  and  it 
should  be  up  to  Google  to  ask  permission  first,  as  the  newspapers  in  Bel¬ 
gium  argued  a  few  years  ago. 

But  it’s  my  guess  that  the  Journal  put  doors  and  locks  on  its  One  World 
Financial  Center  office  in  New  York  and  may  even  pay  guards  to  keep  the 
riff-raff  out.  So  the  Journal  does  understand  the  concept  of  not  being  pas¬ 
sive  when  it  comes  to  keeping  people  out. 

Thomson  does  make  at  least  one  good  point  in  the  interview.  He  says 


that  “Google  argues  they  drive  traffic  to  sites,  but  the  whole  Google  sensi¬ 
bility  is  inimical  to  traditional  brand  loyalty.” 

I  have  to  agree  with  that  point  even  though  Internet  users  are  taken  to 
a  Web  page  on  the  Wall  Street  Journal  site  when  they  click  on  a  Google-pro¬ 
vided  URL.  And  that’s  a  Web  page  where  the  Journal  can  put  up  its  own 
ads,  or  even  block  access  since  the  Journal  has  erected  pay  walls  around 
a  lot  of  its  content.  In  spite  of  this,  I  expect  that  many  users  will  not  really 
notice  where  they  are. 

Google  may  be  getting  ready  to  introduce  a  tool  that  many  news 
organizations  seem  to  think  they  want  —  micropayments.  This  would 
let  newspapers  charge  users  to  read  individual  articles.  The  Google 
micropayment  scheme,  linked  to  Google  Checkout,  may  avoid  some 
of  the  pitfalls  that  caused  earlier  micropayment  schemes  to  fall  by  the 
wayside.  But  introducing  micropayments  may  hasten  the  demise  of 
the  newspapers  that  embrace  it  unless  all  other  sources  of  “free”  (or 
advertising  supported)  news  suddenly  disappear.  Why  go  through  the 
bother  of  paying,  even  a  little,  when  you  can  find  out  the  same  info  in 
other  ways? 

The  Siren  Song  of  Internet  Micropayments,  as  Internet  community 
pioneer  Steve  Crocker  once  put  it,  may  make  some  news  organizations 
embrace,  if  not  love,  Google.  But  in  the  end,  it  may  be  a  fatal  attraction. 

Disclaimer:  I  expect,  without  specific  knowledge,  that  Harvard’s  Greek 
literature  department  waxes  eloquently  about  siren  songs.  But  I  know  of 
no  university  opinion  on  newspapers  wanting  to  hide  their  light  from  the 
searching  world.  H 

Bradner  is  Harvard  University's  technology  security  officer.  He  can  be 
reached  at  sob@sobco.com. 


IN  A  RECENT  NETWORK  WORLD  POLL 
SPONSORED  BY  CA,  IT  MANAGERS  REVEALED: 

What’s  your  mainframe’s  biggest  challenge? 


Performance 


With  rapidly  changing  regulations  and  security  risks,  it's 
no  surprise  IT  managers  are  grappling  with  mainframe 
compliance  and  security  issues.  Mainframe  security 


software  can  ease  these  challenges  and  ensure  critical 
applications  and  data  are  protected. 

Read  more  of  what  your  peers  are  saying  on  Mainframe  at 
leanit.socialmedia.com/mainframe 


Software 


NEWSANALYSIS 


Microsoft  refuses  to  fix  IE 

Apple’s  Safari  for  Windows  browser  has  same  security  weakness 


Man-in-the-middle  attack  against  SSL  sessions 

Here  is  a  simplified  depiction  of  how  an  attacker  could  exploit 
null-character  weaknesses  in  some  browsers  to  hijack  SSL  sessions. 


Client 


Man  in  the 
middle 


mybank.com 

server 


31 


O  Attacker  establishes  itself  as  a  man  in  the  middle,  picking  off  an  SSL 
session  request  to,  say,  mybank.com. 

Q  Attacker  responds  with  a  signed  x.509  certificate  with  a  sub-domain 
matching  the  requested  domain  like  mybank.com/Ohacker.com. 

The  browser  stops  reading  it  at  the  null  character  "0'.' 

@  The  client  unwittingly  accepts  an  SSL  link  with  the  attacker. 


BYTIM  GREENE 


Microsoft  still  does  not  acknowledge 
a  weakness  in  its  Internet  Explorer 
browser  that  was  pointed  out  seven 
weeks  ago  and  enables  attackers 
to  hijack  what  are  supposed  to  be 
secure  Web  sessions. 

The  company  says  it  is  still  evaluating  whether 
the  weakness  exists,  but  Apple,  which  bases  its 
Safari  for  Windows  browser  on  Microsoft  code, 
says  Safari  for  Windows  has  the  weakness  and 
the  Microsoft  code  is  the  reason.  If  Microsoft 
doesn’t  fix  the  problem,  Apple  can’t  fix  it  on  its 
own,  Apple  says.  Apple  has  fixed  the  problem 
for  Safari  for  Macs. 

“Microsoft  is  currently  investigating  a  possible 
vulnerability  in  Microsoft  Windows.  Once  our 
investigation  is  complete,  we  will  take  appropri¬ 
ate  action  to  help  protect  customers,”  a  Microsoft 
spokesperson  said  via  e-mail.  “We  will  not  have 
any  more  to  share  at  this  time.” 

The  weakness  can  be  exploited  by  man-in- 
the-middle  attackers  who  trick  the  browser  into 
making  SSL  sessions  with  malicious  servers 
rather  than  the  legitimate  servers  users  intend 
to  connect  to. 

Current  versions  of  Safari  for  Mac,  Firefox 
and  Opera  address  the  problem,  which  is  linked 
to  how  browsers  read  the  x.509  certificates  that 
are  used  to  authenticate  machines  involved  in 
setting  up  SSL/TLS  sessions. 

Forewarned  two  months  ago 

In  July  two  separate  talks  presented  by  research¬ 
ers  Dan  Kaminski  and  Moxie  Marlinspike  at  the 
Black  Hat  Conference  warned  about  how  the  vul¬ 
nerability  could  be  exploited  by  using  what  they 
call  null-prefix  attacks.  The  attacks  involve  get¬ 
ting  certificate  authorities  to  sign  certificates  for 
domain  names  assigned  to  legitimate  domain- 
name  holders  and  making  vulnerable  browsers 
interpret  the  certificates  as  being  authorized  for 
different  domain-name  holders. 

For  instance,  someone  might  register  www. 
hacker.com.  In  many  x.509  implementations 
the  certificate  authority  will  sign  certificates  for 
any  request  from  the  hacker.com  root  domain, 
regardless  of  any  sub-domain  prefixes  that 

News  Alerts 

Hate  hunting  for  stories  on  a  specific 
topic?  Let  the  news  come  to  you  with 
Network  World’s  latest  news  alerts 
focusing  on  security,  financials,  stan¬ 
dards,  trade  show  news  and  vendor-spe¬ 
cific  news,  www.nwdocfinder.com/1002 


might  be  appended.  In  that  case,  the  authority 
would  sign  a  certificate  for  bestbank.hacker.com, 
ignoring  the  sub-domain  bestbank  and  signing 
based  on  the  root  domain  hacker.com,  Marlin¬ 
spike  says. 

At  the  same  time,  browsers  with  the  flaw  he 
describes  read  x.509  certificates  until  they  reach 
a  null  character,  such  as  0.  If  such  a  browser 
reads  bestbank.com\Ohacker.com,  it  would  stop 
reading  at  the  0  and  interpret  the  certificate  as 
authenticating  the  root  domain  bestbank.com, 
the  researcher  says.  Browsers  without  the  flaw 
correctly  identify  the  root  domain  and  sign  or 
don’t  sign  based  on  it. 

An  attacker  could  exploit  the  weakness  by 
setting  up  a  man-in-the-middle  attack  and  inter¬ 
cepting  requests  from  vulnerable  browsers  to 
set  up  SSL  connections.  If  the  attacking  server 
picks  off  a  request  to  bestbank.com,  it  could 
respond  with  an  authenticated  x.509  certificate 
from  bestbank.com\Ohacker.com.  The  vulner¬ 
able  browser  would  interpret  the  certificate  as 
being  authorized  for  bestbank.com  and  set  up 
a  secure  session  with  the  attacking  server.  The 
user  who  has  requested  a  session  with  bestbank 
would  naturally  assume  the  connection  estab¬ 
lished  was  to  bestbank. 

Once  the  link  is  made,  the  malicious  server 
can  ask  for  passwords  and  user  identifications 
that  the  attackers  can  exploit  to  break  into  users’ 
bestbank  accounts  and  manipulate  funds,  for 
example,  Marlinspike  says. 

In  some  cases  attackers  can  create  what  Mar¬ 
linspike  calls  wildcard  certificates  that  will 
authenticate  any  domain  name.  These  certifi¬ 
cates  use  an  asterisk  as  the  sub-domain  followed 


by  a  null  character  followed  by  a  registered 
root  domain.  A  vulnerable  browser  that  initi¬ 
ated  an  SSL  session  with  bestbank.com  would 
interpret  a  certificate  marked  *\Ohacker.com  as 
coming  from  bestbank.com  because  it  would 
automatically  accept  the  *  as  legitimate  for  any 
root  domain. 

This  is  due  to  “an  idiosyncrasy  in  the  way 
Network  Security  Services  matches  wildcards,” 
Marlinspike  says  in  a  paper  detailing  the  attack. 
Such  a  wildcard  will  match  any  domain,  he 

says. 

The  differences  between  what  users  see  on 
their  screens  when  they  hit  the  site  they  are  aim¬ 
ing  for  and  when  they  hit  an  attacker’s  mock  site 
can  be  subtle.  The  URLs  in  the  browser  would 
reveal  that  the  wrong  site  has  been  reached,  but 
many  users  don’t  check  for  that,  Marlinspike 
says. 

A  Microsoft  spokesperson  says  Internet 
Explorer  8  highlights  domains  to  make  them 
more  visually  obvious,  printed  in  black  while 
the  rest  of  the  URL  is  gray.  “Internet  Explorer  8’s 
improved  address  bar  helps  users  more  easily 
ensure  that  they  provide  personal  information 
only  to  sites  they  trust,”  a  Microsoft  spokesper¬ 
son  said  in  an  e-mail. 

Marlinspike  says  the  null  character  vulner¬ 
ability  is  not  limited  to  browsers.  “[Pjlenty  of 
non-Web  browsers  are  also  vulnerable.  Outlook, 
for  example,  uses  SSL  to  protect  your  login/ 
password  when  communicating  over  SMTP 
and  P0P3/IMAP.  There  are  probably  countless 
other  Windows-based  SSL  VPNs,  chat  clients, 
etc.  that  are  all  vulnerable  as  well”  he  said  in  an 
e-mail.  ■ 
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ADVERTISEMENT 


CASE  STUDY 

All  Ears  for  UC 

Pets,  their  owners  and  animal  hospitals  all  benefit 
from  unified  communications  solution. 


Shandon  Stamper,  Owner  and  Manager, 

PET  WOW  CARE  CENTERS 

Pet  WOW  is  a  family  owned  and  run  business  that  offers  veterinary  hospital 
care  centers  in  two  states.  In  addition  to  running  the  nearly  40-year-old 
business.  Stamper  also  takes  responsibility  for  IT  systems  management. 


Shandon  Stamper  says  customer  service 
is  the  key  to  his  veterinary  business. 

With  unified  communications,  this 
innovative  animal  hospital  handles  a 
vast  amount  of  calls  while  growing  its 
business,  without  subjecting  customers 
to  “fast  food”  service. 

What  led  to  Pet  wow's  investment 
in  UC? 

We  recently  expanded  our  business, 
adding  another  animal  hospital,  mobile 
veterinarian  services  and  a  groom¬ 
ing  business.  As  we  grew,  we  added  a 
phone  system  for  each  new  branch  with 
one  receptionist  answering  calls.  But 
those  separate  phone  systems  couldn’t 
interact,  which  made  for  a  rather  chaotic 
setup.  We  started  looking  for  a  simple, 
integrated  phone  system  and  found 
that  Avaya’s  unified  communications 
solution  opened  doors  to  many  new 
possibilities. 

Which  UC  capabilities  have  had 
the  most  impact? 

Once  we  discovered  that  the  VoIP 
phone  system  communicated  the  way 
computers  do  over  the  network,  we 
looked  at  Avaya  IP  Office  for  more  than 
just  answering  calls.  For  example,  having 
voicemails  managed  in  our  email  system 
allows  our  doctors  to  screen  calls  and 
deal  with  the  urgent  requests  imme¬ 
diately  while  handling  other  requests 
between  surgeries  and  rerouting  things 


like  prescription  refills.  And  our  staff 
loves  being  able  to  intercom  and  “drag 
and  drop”  phone  calls.  We  also  use  the 
recording  capability  to  monitor  custom¬ 
er  interactions  and  train  our  employees. 

How  has  your  mobile  business 
been  enabled  by  UC? 

We’re  doing  some  unique,  high-tech 
things  with  Avaya  IP  Office-like  using 
the  IP  phone  system  in  our  mobile 
units.  Doctors  can  intercom  back  to 
the  hospital,  communicating  as  if  they 
were  in  the  building,  without  costly  cell 
charges.  Our  traveling  vet  can  admit  pets 
and,  before  heading  to  his  next  call,  can 
meet  up  with  a  tech  who  takes  those 
animals  to  the  hospital  where  treatment 
can  begin.  During  this  time  the  hospital 
is  in  constant  communication  with  the 
admitting  veterinarian. 

What  has  UC  done  for  your  at-home 
workforce? 

The  person  answering  our  phone 
represents  the  hospital.  Unfortunately, 
it’s  hard  to  find  highly  skilled  people  to 
fill  that  job.  And  when  we  do  find  the 
right  people,  they  often  prefer  part-time, 
at-home  work.  With  Avaya  IP  Office,  we 
can  set  up  an  IP  phone  in  an  employee's 
home  that’s  integrated  with  the  hospital. 
That  person  can  answer  calls  while  her 
kids  are  in  the  next  room.  Our  employ¬ 
ees  love  it  and  we’re  able  to  get  skilled 
individuals  for  high  call  volume  shifts. 


What  effect  has  the  technology 
had  on  customer  service? 

UC  has  greatly  improved  customer  rela¬ 
tions  and,  more  important,  animal  care. 
We  try  to  keep  the  automation  relatively 
transparent  to  the  customer,  but  on  our 
side,  the  technology  streamlines  call 
handling  for  higher  quality  of  service. 
When  customers’  calls  come  in,  they  are 
routed  appropriately,  and  the  system  is 
integrated  so  that  calls  bounce  from  one 
phone  to  the  next  when  call  volume  is 
busy  And  with  the  voicemail  and  email 
system,  we’re  no  longer  dealing  with 
Post-it  Notes  or  returning  calls  blindly. 
So  customers  are  getting  far  more  con¬ 
tact  with  better  results. 

How  does  this  translate  into 
revenue  gains  and  cost  savings? 

Our  greatest  gain  has  been  in  customer 
service.  We  can’t  really  put  numbers  to 
word-of-mouth  referrals,  but  we’re  still 
growing  in  this  tough  economy,  which 
speaks  volumes.  For  hard  numbers, 
it’s  really  about  the  savings  in  staff.  We 
just  don't  need  as  many  people  sitting 
behind  the  desk  answering  phones,  and 
in  that  respect,  we’re  saving  $200,000 
annually. 


For  more  information  go  to: 

www.networkworid.com/ 

community/uc 
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RISKANDREWARD  BY  ANDREAS  ANTONOPOULOS 

Cloud  security  through  control  vs.  ownership 


CLOUD  COMPUTING  MAKES  auditors  cringe. 
It’s  something  we  hear  consistently  from  enter¬ 
prise  customers:  it  was  hard  enough  to  make 
virtualization  “palatable”  to  auditors;  cloud  is  going  to  be  even  harder.  By 
breaking  the  links  between  hardware  and  software, 
virtualization  liberates  workloads  from  the  physi¬ 
cal  constraints  of  a  single  machine.  Cloud  takes  that 
a  step  further  making  the  physical  location  irrele¬ 
vant  and  even  obscure. 

Traditionally,  control  of  information  flows 
directly  from  ownership  of  the  underlying  plat¬ 
form.  In  the  traditional  security  model  location 
implies  ownership,  which  in  turn  implies  control. 

You  build  the  layers  of  trust  with  the  root  of  trust 
anchored  to  the  specific  piece  of  hardware.  Virtu¬ 
alization  breaks  the  link  between  location  and  application.  Cloud  (at  least 
“public  cloud”)  further  breaks  the  link  between  ownership  and  control. 

As  we’ve  examined  in  many  previous  columns  we  are  rapidly  moving 
from  a  location-centric  security  model  to  a  more  identity-  and  data-centric 
model.  The  unstoppable  forces  of  ubiquitous  connectivity  and  mobility 
have  broken  the  location-centric  security  model  and  perimeter  strategy, 
and  left  us  searching  for  a  better  model  for  security.  In  the  process,  certain 
fundamental  assumptions  have  also  changed.  When  security  is  location¬ 
centric,  then  location,  ownership  and  control  are  aligned.  The  logical 
security  model  coincides  with  the  physical  security  model  and  a  perim¬ 
eter  separates  trusted  (owned,  local)  from  untrusted  (other,  remote).  As 
we  move  beyond  this  model  we  have  to  examine  the  links  between  location, 
ownership  and  control. 

Control  of  information  is  not  in  fact  dependent  on  total  ownership  or 
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to  exert  security,  any 
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a  fixed  location.  An  easy  example  is  public-key  encryption.  I  maintain 
ownership  of  a  private  key  and  I  control  access  to  it.  Usually  the  private 
key  is  stored  in  a  secure  location.  But  from  the  ownership  of  the  key  I  can 
exert  control  over  the  information  without  having  to  own  the  rest  of  the 
infrastructure.  I  can  build  a  trusted  VPN  over  an 
untrusted  infrastructure. 

The  key  here  is  that  public  cloud  computing 
requires  us  to  exert  control  without  ownership  of 
the  infrastructure.  We  can  exert  control  and  secure 
the  information  through  a  combination  of  encryp¬ 
tion,  contracts  with  service-level  agreements  and 
by  (contractually)  imposing  minimum  security 
standards  on  the  providers.  If  those  are  in  place, 
then  there  is  no  inherent  reason  why  a  cloud  com¬ 
puting  environment  cannot  be  made  secure  and 
compliant.  We  do  not  need  to  own  the  assets  in  order  to  exert  security,  any¬ 
more  than  we  need  to  own  the  Internet  in  order  to  trust  a  VPN. 

Auditors  and  regulators  are  continuously  adapting  to  new  technolo¬ 
gies  and  business  models.  As  long  as  we  can  clearly  demonstrate  control 
through  technology  and  contracts  we  should  be  able  to  make  a  cloud 
computing  environment  as  compliant  and  as  secure  as  a  privately  owned 
facility. 

Talk  to  your  auditors  about  their  understanding  of  risk  as  it  relates  to 
location,  ownership  and  control.  Once  you  clearly  separate  the  concepts 
you  might  find  it  easier  to  have  that  discussion.  ■ 

Antonopoulos  is  a  senior  vice  president  and  founding  partner  at  Nem- 
ertes  Research,  an  independent  technology  research  firm.  He  can  be 
reached  at  andreas@nemertes.com. 


■  DLP,  from  page  14 

Visiting  Nurses  is  considering  this  such  inter¬ 
action  between  its  Websense  Security  Gateway 
and  Cisco  IronPort  appliance.  (Cisco,  by  the  way, 
says  its  IronPort  C-Series  appliance  will  gain 
DLP  functionality  based  on  RSA  technology  by 
this  fall.) 

Where  to  put  your  DLP 

Whether  to  install  DLP  at  the  gateway  or  host 
level  —  or  buy  a  multipurpose  security  gateway 
with  DLP  or  a  stand-alone  device  —  is  a  topic  for 
debate  among  IT  and  security  managers. 

Installing  a  DLP  gateway  is  “a  no-brainer,” 
Forrester’s  Jacquith  says,  noting  it’s  the  least 
expensive  and  easiest  way  to  get  started. 

But  some  vendors  say  there’s  been  too  much 
emphasis  on  the  gateway  when  you  take  into 
account  the  mobility  of  employees. 

Trend  Micro’s  global  product  marketing  man¬ 
ager,  Mark  Bloom,  voiced  some  dismay  that  his 
company  (which  acquired  Provilla’s  LeakProof) 
is  considered  a  niche  player  in  DLP  by  Gartner 
because  “we’re  focused  on  the  endpoint.”  (See 
how  Trend  Micro  and  others  fared  in  our  recent 
endpoint  DLP  test.) 

Trend  Micro  expects  to  offer  DLP  for  the  gate¬ 
way  in  the  near  future.  While  LeakProof  is  a 
stand-alone  DLP  agent,  the  DLP  functionality 
will  be  moving  into  Trend  Micro’s  OfficeScan 
products  in  the  early  2010  timeframe.  “We’re  see¬ 
ing  a  big  push  to  have  a  content-aware  endpoint,” 


Bloom  says.  “We  should  have  a  single  agent.” 

In  fact,  there’s  a  broad  march  underway  by 
IT  vendors  to  integrate  DLP  functionality  into 
existing  security  host  and  gateway  products. 
These  include: 

■  McAfee’s  host  DLP  software  can  be  used 
alone  or  as  an  add-on  to  its  flagship  antimalware 
security  software  that’s  part  of  its  Total 
Protection  for  Data  Endpoint  suite.  McAfee 
is  looking  at  integrating  the  DLP  engine  into 
its  Web  gateway,  e-mail  gateway,  firewall  and 
intrusion-prevention  gear  in  the  coming  year. 

■  Microsoft  and  VMware  anticipate  integrating 
RSA  DLP  technology  into  future  products, 
though  this  is  still  in  the  early  stages.  RSA  is  the 
security  division  of  EMC,  which  is  the  majority 
owner  of  VMware. 

■  Symantec,  which  integrated  DLP  into  its 
Brightmail  e-mail  security  gateway,  has  also 
begun  integration  with  its  Altiris  management 
software.  Altiris  7  can  be  used  to  deploy  and 
troubleshoot  endpoint  DLP  Prevent  and 
Discover  agents  so  that  there’s  communication 
between  the  DLP  endpoint  and  the  Symantec 
Endpoint  Protection  agent,  its  flagship  security 
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software.  Integrating  DLP  into  Symantec  storage 
systems  can  be  expected  in  the  future.  Symantec 
DLP  Discover,  for  instance,  has  already  been 
integrated  into  Backup  Exec  System  Recovery, 
and  Symantec  intends  to  introduce  some  open 
APIs  for  DLP. 

HP,  which  acquired  outsourcing  giant  EDS 
last  year,  has  a  strategic  partnership  with 
Symantec  on  DLP.  EDS  supports  Symantec  DLP 
in  outsourcing  arrangements  with  enterprise 
customers  and  even  manages  the  DLP  system 
for  Symantec  itself,  which  selected  EDS  as  its 
outsourcing  partner,  says  Chris  Whitener,  chief 
strategist  at  HP’s  Secure  Advantage  division. 

A  focus  now  is  integrating  some  of  the  Syman¬ 
tec  DLP  capability  into  HP  ProCurve  switches 
and  deploying  DLP  in  HP  data  centers,  he  notes. 
Whitener  points  out  that  sometimes  organiza¬ 
tions  don’t  want  the  company’s  CSO  or  IT  support 
in  the  middle  of  handling  data-loss  issues  because 
this  is  seen  as  a  possible  conflict  of  interest. 

The  changing  world  of  DLP  is  something  that 
Phil  Moltzen,  senior  security  architect  at  the  U.S. 
Department  of  Energy,  is  keeping  an  eye  on.  He 
says  there’s  a  growing  awareness  that  attention 
must  be  paid  to  monitoring  content  that’s  leav¬ 
ing  the  network  as  well  as  all  the  work  that’s 
done  to  stop  attacks  related  to  phishing,  hackers 
and  malware  from  coming  in. 

The  cost  of  DLP  does  present  a  barrier  to 
large-scale  adoptions  today,  but  he  adds,  “DLP 
is  really  just  starting  to  take  off.”  ■ 
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■  Abuse,,  from  page  1 

the  net,  in  part  because  registration  services 
are  highly  automated,  validation  processes  are 
insufficient,  and  the  criminals  are  cagey,  deter¬ 
mined  and  technically  savvy. 

ScanSafe  researcher  Mary  Landesman  last 
month  uncovered  evidence  that  a  handful  of  Go 
Daddy  domains  were  being  farmed  out  for  use 
in  three  botnet-controlled  SQL  injection  attacks 
against  Web  sites  in  India,  U.S.  and  China. 

But  the  larger  issue  is  not  about  Go  Daddy, 
which  has  a  good  reputation  for  fighting  domain- 
name  abuse,  Landesman  says.  Rather,  the  prob¬ 
lem  encompasses  the  entire  domain-name  reg¬ 
istration  system,  along  with  the  faulty  Whois 
database  of  registrant  information  (overseen  by 
ICANN)  that  contains  fake  data. 

“It’s  not  intentionally  designed  for  this  kind 
of  abuse,  but  it  works  in  favor  of  the  crimi¬ 
nals,”  Landesman  notes.  Effective  reform  of  the 
domain-name  registration  process  would  strike 
at  the  heart  of  Internet  crime,  she  says. 

Criminals  who  mastermind  botnets  for  spam, 
phishing,  and  denial-of-service  attacks  rely  on 
domain  names  because  it  gives  them  “stability” 
in  their  controls,  says  Joe  Stewart,  a  researcher 
at  Atlanta-based  Secure  Works.  “All  the  bots  can 
map  to  the  new  IP  address  when  it  comes  up.” 

“It  would  be  a  lot  less  convenient  to  use  an 
IP  address,”  says  Amichai  Shulman,  CTO  at 
Imperva,  since  this  would  tend  to  limit  criminals 
to  a  more  specific  set  of  servers. 

Many  note  that  criminals  today  can  be  seen 
making  clever  use  of  what’s  known  as  “fast 
flux”  to  rotate  a  botnet  through  “thousands  of 
IP  addresses  using  a  single  domain  or  group  of 
domains,”  says  Dean  Turner,  director  of  Syman¬ 
tec’s  global  intelligence  network.  “It’s  designed 
to  defeat  IP  blacklists.” 

A  report  published  in  May  highlights  the  role 
of  domain  names  in  phishing  cybercrime.  The 
Anti-Phishing  Working  Group’s  report,  “Global 
Phishing  Survey:  Trends  and  Domain  Name  Use 
in  the  2nd  Half  of  2008,”  shows  that  there  were 
56,959  phishing  attacks  for  that  period  occurring 
on  30,454  unique  domain  names. 

Within  that  number,  “we  identified  5,591  that 
we  believe  were  registered  by  phishers,”  the 
report  says.  “These  ‘malicious’  domains  repre¬ 
sents  about  18.5%  of  the  domain  names  involved 
in  phishing.  Virtually  all  the  rest  were  hacked 
domains  belonging  to  innocent  site  owners.” 

The  report  notes  that  the  number  of  phishing 
methods  based  on  unique  IP  addresses  rather 
than  domain  names  is  dropping,  from  the  6,336 
seen  in  the  first  half  of 2007  to  just  2,809  unique 
IP  addresses  in  the  second  half  of  last  year. 

Another  trend,  according  to  the  report,  is  for 
phishers  to  use  so-called  “subdomain  registra¬ 
tion  services”  via  providers  that  give  custom¬ 
ers  subdomain  “hosting  accounts”  beneath  a 
domain  name  the  provider  owns.  This  practice 
can  only  be  mitigated  by  the  subdomain  provid¬ 
ers  themselves,  “and  some  of  these  services  are 
unresponsive  to  complaints,”  the  report  says. 

This  takes  the  problem  to  another  level,  par¬ 
ticularly  for  ICANN,  which  has  no  obvious 


authority  outside  of  its  direct  contractual  rela¬ 
tionships  with  registrars  and  registries  in  the 
ICANN-driven  domain-name  world. 

ICANN  responds 

VeriSign,  the  authoritative  ICANN-accredited 
registry  for  .com  and  .net,  declined  to  discuss 
the  topic  of  domain-name  abuse.  ICANN  rec¬ 
ognizes  the  problem  of  domain-name  abuse  by 
the  criminal  underworld,  but  its  policies  are 
still  evolving,  and  there  are  a  lot  of  uncertainties 
about  ICANN’s  authority  in  this  area. 

“Criminal  activity  that  concerns  the  abuse  of 
domain  names  is  a  huge  concern  to  ICANN,” 
says  Stacy  Burnette,  director  of  contractual  com¬ 
pliance  for  ICANN.  “It  disrupts  the  system.” 

The  tip  of  the  iceberg  can  be  seen  in  irregulari¬ 
ties  in  the  Whois  database.  ICANN  gets  thou¬ 
sands  of  complaints  about  registrars  every  year, 
many  related  to  inadequacies  or  wrong  informa- 


problem.” 

Meanwhile,  an  ICANN  committee  last  month 
issued  a  154-page  report  on  the  topic  of  fast  flux 
and  criminal  abuse  of  domain  names.  Piscitello 
says  so  far  no  consensus  has  been  reached  about 
what  to  do  on  this  issue.  Detection  methods  to 
uncover  criminal  fast  flux  are  quite  reliable,  but 
there  have  been  worries  expressed  about  liabil¬ 
ity  in  the  case  of  false  positives. 

The  domain  name  may  be  a  handy  tool  in 
cybercrime  today,  “but  one  goal  of  the  DNS  com¬ 
munity  is  to  take  that  tool  out  of  the  toolbox,” 
Piscitello  says. 

Making  changes 

There  are  many  language  and  jurisdictional 
legal  issues  that  make  tackling  domain-name 
abuse  problems  extremely  hard,  says  Ram 
Mohan,  CTO  at  Dublin-based  registry  services 
provider  Afilias  and  a  liaison  for  the  ICANN 


MM  We  are  focusing  more  on  registration 
II  issues  and  malicious  conduct.  I  don’t 
think  anyone  wants  to  see  the  DNS  abused.” 
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tion  in  the  Whois  database.  ICANN  must  review 
them  all,  and  then  contact  registrars  to  report 
and  remedy  any  identified  failings. 

But  when  it  comes  to  the  broader  problem 
of  cyber-criminals’  abuse  of  domain  names, 
ICANN  is  not  in  a  position  to  play  cop.  “ICANN 
is  a  non-profit  organization,  we  are  not  a  regu¬ 
latory  authority  or  a  police  authority,”  Burnette 
points  out. 

But  ICANN  has  held  meetings,  including 
the  “Generic  Names  Supporting  Organization 
Registration  Abuse  Policy  Workshop”  that  took 
place  in  Mexico  in  March,  to  discuss  policies  and 
guidelines  it  might  want  to  embrace  for  domain 
abuse  and  registration  abuse. 

Dave  Piscitello,  ICANN’s  senior  security  tech¬ 
nologist,  says  ICANN  plans  to  introduce  a  pro¬ 
posal  in  October  for  possible  new  guidelines  for 
tighter  security  in  advance  of  ICANN’s  planned 
expansion  of  new  gTLDs  next  year. 

Though  not  at  liberty  to  discuss  the  specifics, 
he  points  out  this  proposal  will  have  to  undergo 
a  review  by  the  entire  ICANN  community,  and 
hold  up  to  criticism,  before  it  has  any  chance  to 
be  adopted  by  the  ICANN  board. 

“We  are  focusing  more  on  registration  issues 
and  malicious  conduct,”  Piscitello  says.  “I  don’t 
think  anyone  wants  to  see  the  DNS  abused.” 

VeriSign,  he  notes,  recently  proposed  adding  a 
strong-authentication  service  for  registrars  and 
registrants  for  two-factor  authentication.  Other 
ideas,  such  as  requiring  auditing  of  registrars, 
are  on  the  table  at  ICANN,  Piscitello  says. 

But  he  notes  that  the  ICANN  community  is 
broad,  consisting  of  countries  that  have  more 
influence  over  how  their  country-code  top-level 
domains  (ccTLD)  are  used  than  ICANN.  “We  can 
set  an  example  with  the  gTLDs,  but  only  a  coop¬ 
erative  effort  with  all  governments  can  solve  this 


Security  and  Stability  Advisory  Committee  on 
the  ICANN  Board  of  Directors. 

His  opinion  is  that  ICANN,  which  has  overall 
responsibility  for  the  Whois  database  of  regis¬ 
tration  information,  has  to  find  a  way  to  validate 
the  entries. 

“Some  rules  in  ICANN  are  just  broken,” 
Mohan  says.  The  overall  domain-name  regis¬ 
tration  system  “was  created  at  a  time  of  a  benign 
Internet.  Today  we  have  no  burden  of  validation 
and  that  can  be  fixed.”  He  also  says  it  might  be  a 
wise  move  to  require  some  sort  of  security  audit 
of  the  registrars  and  registries. 

Ideally,  some  reform  can  be  carried  out 
before  ICANN  releases  new  top-level  domains. 
“ICANN  is  opening  up  the  floodgates  for  top- 
level  domains,”  Mohan  says.  If  the  domain-name 
registration  system  can’t  be  improved,  the  prob¬ 
lem  of  abuse  can  only  be  expected  to  get  worse. 

Attempts  by  industry  to  cut  off  criminal  access 
to  domain  names  is  proving  difficult.  The  first 
globally  organized  effort  to  attempt  that  —the 
Conficker  Working  Group  —  sought  to  disable 
domains  targeted  by  the  Conficker  worm  for 
use  in  its  command-and-control  system.  But  the 
team  was  outflanked  when  the  botnet’s  design¬ 
ers  switched  to  ccTLDs  in  the  .C  version  of  Con¬ 
ficker  earlier  this  year. 

The  Conficker  Working  Group  hasn’t  been 
able  to  get  enough  ccTLD  participants  on  board 
to  effectively  tie  up  Conficker  domains.  “We  have 
90%  of  the  ccTLDs  participating  but  10%  are  not 
involved,”  says  Symantec’s  Turner. 

Still,  ICANN’s  Piscitello  says  the  importance 
of  the  Conficker  Working  Group  is  that  it  “dem¬ 
onstrated  that  if  we  do  get  significant  collabora¬ 
tion,  we  can  inflict  a  little  pain  on  the  criminal, 
make  it  more  difficult.  Its  success  is  having 
established  a  collaborative  response.”  ■ 
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HP  extends  data  center, 
campus  switches 


BY  JIM  DUFFY 


The  data  center  and  campus  switches  HP 
rolled  out  last  week  are  intended  to  bet¬ 
ter  align  HP’s  data  center  compute  and 
networking  products  for  an  enterprise 
customer  battle  with  Cisco. 

The  products  included  blade  switches 
designed  to  reduce  cost  and  improve  security  in 
the  data  center;  an  8Gbps  FibreChannel  Virtual 
Connect  module  and  firmware  upgrade  intended 
to  tune  bandwidth  to  application  requirements; 
and  new  chassis  and  modules  for  its  ProCurve 
5400  and  8200  Ethernet  switches  to 
provide  an  array  of  configurations 
depending  on  network  need. 

The  switches  and 
switch  enhancements 
are  designed  to  increase 
density  and  tightly  inte¬ 
grate  switching  with  blade 
server  systems,  much  like 
Cisco  did  with  its  Unified 
Computing  System,  which 
began  shipping  in  June.  UCS 
integrates  data  center  servers, 
switching,  virtualization  and  stor¬ 
age  access,  and  are  viewed  as  a  competi¬ 
tive  assault  on  HP  and  IBM’s  traditional  data 
center  turf. 

HP’s  campus  LAN  enhancements,  meanwhile, 
are  viewed  as  lower  cost  alternatives  to  Cisco  in 
that  market  as  well. 

“This  is  the  first  proof  point  that  they’re  roll¬ 
ing  ProCurve  in  to  the  broader  HP,”  says  Zeus 
Kerravala  of  the  Yankee  Group,  who  viewed  the 
announcement  as  a  direct  assault  on  Cisco  UCS. 
“Vendors  have  to  have  compute  expertise  in  data 
center  networking.” 

Another  analyst  saw  it  a  bit  differently,  how¬ 
ever.  Rather  than  a  defensive  response  to  UCS, 
Nick  Lippis  sees  the  HP  announcement  as  more 
of  a  proactive  offensive. 

“For  the  first  time,  HP  and  ProCurve  are  not 
following  Cisco,”  Lippis  says.  “Their  [network¬ 
ing]  history  has  always  been  competing  with 
Cisco.  But  this  is  a  very  different  announcement, 
it’s  not  a  direct  Cisco  response.” 

Regardless,  it  does  make  HP  a  more  compel¬ 
ling  data  center  and  campus  networking  alterna¬ 
tive  to  Cisco  and  helps  fill  out  its  compute/net¬ 
working  integration  story,  especially  in  the  data 
center.  For  that  environment,  HP’s  new  blade 
switches  include  the  10G  Ethernet  ProCurve 
6120XG  and  ProCurve  6120G/XG. 

The  6120XG  sports  eight  10G  uplinks  -  one 
10GBASE-CX4  Ethernet  or  one  SFP+,  five  SFP+ 
that  can  be  either  lGbps  or  lOGbps,  and  two  mid¬ 
plane  crosslinks  or  SFP+. 

The  6120XG  is  also  Converged  Enhanced 


Ethernet  “ready,”  which  means  it  will  support  an 
upgrade  to  the  CEE  standards  for  the  integration 
of  Ethernet  and  Fibre  Channel.  Those  standards 
are  expected  for  ratification  in  the  first  or  second 
quarter  of  2010. 

The  6120G/XG  is  designed  to  facilitate  the 
transition  from  1G  to  10G  Ethernet.  It  features 
one  10G  Ethernet  CX4  port  for  short  distance 
data  center  links;  two  10G  Ethernet  XFP  ports 
for  copper  or  fiber  connectivity;  two  1G  Ethernet 
SFP  ports;  and  four  1G  Ethernet  RJ-45  ports. 

In  addition  to  aiding  in  the  migration  to  10G, 
the  6120G/XG  supports  the  attachment  of  leg¬ 
acy  network  equipment  in  the  data  center.  The 
6120XG  costs  $11,500.  The  6120G/XG 


The  6120XG  sports 
eight  10G  uplinks 
and  is  CEE  ready. 


costs  $5,500. 

The  Virtual  Connect  8Gbps 
FibreChannel  module  supports  20  ports 
of  8Gbps  uplink  and  downlink  bandwidth.  It 
is  backward  compatible  and  replaces  a  20-port 
4Gbps  Fibre  Channel  Virtual  Connect  module 
already  offered  by  HP.  It  costs  the  same  as  the 
4Gbps  module  —  $9,500. 

The  Virtual  Connect  firmware  upgrade  pro¬ 
vides  dynamic  bandwidth  adjustment  depend¬ 
ing  on  application  requirements,  HP  says.  It  sup¬ 
ports  twice  the  number  of  virtual  LANs  —  128 
—  per  uplink  set. 

HP  would  not  discuss  product  plans  for  data 
center  core  switches  and  48-port  and  higher  top- 
of-rack  10G  switches,  with  or  without  support 
for  FibreChannel-over-Ethernet;  nor  would  it 
discuss  product  plans  for  a  FibreChannel-over- 
Ethernet  Virtual  Connect  module. 

For  the  campus  LAN,  HP  unveiled  a  half¬ 
size  chassis  of  its  8212zl  switch.  The  8206zl  is 
designed  for  high-density  LAN  access,  midsize 
LAN  core  and  distribution  layer  applications, 
and  data  center  end-of-row  access  and  aggrega¬ 
tion.  It  features  six  chassis  slots  and  the  same 
hardware  and  software  architecture  as  the 
8212zl.  The  8206zl  costs  $12,600. 

Yankee  Group’s  Kerravala  says  the  new  HP 
campus  switching  products  could  presage  a 
price  war  on  the  edge  of  the  enterprise  network 
while  also  allowing  HP  —  the  No.  2  Ethernet 
LAN  switching  vendor  to  Cisco,  according  to 
Dell’Oro  Group  —  to  grab  more  market  share. 

“If  I’m  not  Cisco,  how  do  I  gain  share,”  Kerrav¬ 
ala  asks.  “If  I  am  Cisco,  how  do  I  protect  share? 
This  is  a  great  time  to  be  a  customer."  ■ 
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EYEONTHECARRIERS  BY  JOHNA  TILL  JOHNSON 

Transformative  technologies  for  21st  century 


INNOVATIONS  SEEM  TO  have  a  natural  eco¬ 
nomic  life  cycle:  an  obscure  invention  (say,  elec¬ 
tricity,  or  the  internal  combustion  engine)  sparks 
an  entire  constellation  of  industries,  which  grow  exponentially  for  a  while, 
then  settle  into  a  stagnant  maturity. 

You  can  think  of  the  entire  IT  and  networking  industries  as  emerg¬ 
ing  from  two  innovations:  the  transistor  in  1948,  (which  gave  rise  to  the 
microprocessor)  and  optical  fiber  in  1952.  The  conjunction  of  these  two 
inventions  essentially  created  the  entire  computing  and  communications 
industries  —  or  IT  as  we  know  it. 

That  means  IT  is  about  60  years  old.  If  it  were  human,  it  would  qualify 
for  AARP  membership  and  be  looking  forward  to  Social  Security.  Not  over 
the  hill  yet,  but  definitely  heading  towards  the  downward  arc  of  the  cycle 
-  right? 

I’m  not  so  sure.  Yes,  I  think  we’ve  hit  a  lull  in  IT  innovation  —  which  hap¬ 
pens  every  decade  and  a  half  or  so.  After  the  development  of  mainframes, 
most  folks  were  pretty  sure  that  IT  had  hit  maturity  —  then  minicomput¬ 
ers  came  along  (remember  Tracy  Kidder’s  “Soul  of  a  New  Machine?”).  And 
then  PCs  and  LANs,  client-server  computing,  and  the  whole  networking/ 
telecommunications  explosion.  By  my  count,  we’ve  been  through  at  least 
three  innovation  ebbs  in  the  IT  space  —  and  each  time,  IT  has  bounced  back 
stronger  than  before. 

This  time,  I  think  we’re  experiencing  the  calm  before  the  storm  —and 
when  this  particular  storm  hits,  it’ll  be  a  doozy. 

Have  a  look  at  just  three  technologies  that  have  the  ability  to  completely 
revolutionize  IT  from  the  ground  up:  memristors,  nanowires  and  OLEDS. 


Memristors  are  transistor-like  devices  made  out  of  titanium  dioxide  that 
can  remember  voltage  state  information.  They  hold  the  potential  for  com¬ 
pletely  revolutionizing  storage  and  processing  technologies  because  they 
erase  the  distinction  between  processing  and  storage  (you  can  do  both  on 
the  same  chip).  More  prosaically,  they  make  it  possible  to  create  storage 
devices  that  require  no  power.  How  will  that  affect  your  data  center? 

Then  there  are  nanowires:  tiny  wires  no  more  than  a  single  nanometer 
in  width  that  can  be  conductors,  insulators  or  semiconductors  (albeit  with 
weird  quantum  properties).  These  can  form  the  basis  for  embedded  intel¬ 
ligent  networks  —  sensor  and  control  networks  that  are  actually  built  into 
the  materials  and  devices  they  control.  (Take  that,  smart  grids!) 

Finally,  there  are  organic  LEDs,  which  have  the  interesting  property 
that  they  can  be  printed  onto  things  such  as  wallpaper  at  relatively  low 
cost.  Sony  has  developed  OLED  monitors,  and  GE  is  looking  into  OLED 
wallpaper.  So  in  a  couple  of  years,  your  new  office  (or  home  office)  may 
come  equipped  with  wallpaper  that,  at  the  touch  of  a  button,  can  turn 
into  a  floor-to-ceiling  high-resolution  display.  (Think  of  the  bandwidth 
requirements.) 

Each  of  these  technologies  holds  the  possibility  of  completely  reshaping 
IT  within  the  next  few  years.  And  the  conjunction  of  all  three  could  make 
the  conjunction  of  the  transistor  and  fiber  optics  look  like  a  warm-up  act. 

Bottom  line:  Stay  tuned,  the  fun’s  just  beginning.  9 

Johnson  is  president  and  senior  founding  partner  at  Nemertes  Research, 
an  independent  technology  research  firm.  She  can  be  reached  at  johna@ 
nemertes.com. 


Virtual  Computer  offers  killer  new  desktop 

The  product  is  ahead  of  the  game  now,  but  tough  competition  is  emerging 


BY  JULIE  BORT 


Virtual  PC  just  might  have  a  perfect  solution  to  the  XP-to-Win- 
dows  7  upgrade  problem:  its  new,  affordable,  bare  metal  desk¬ 
top  hypervisor.  The  desktop  hypervisor  supports  Windows  7 
(among  other  operating  systems)  on  the  client  while  providing  a 
sophisticated  set  of  management  tools  on  the  server.  These  sup¬ 
port  Windows  Server 2008  and  Hyper-V.  Ironically  enough,  the  client  bare 
metal  hypervisor  is  based  on  Xen.  Want  more  irony?  The  product,  dubbed 
NxTop,  more-or-less  competes  with  Citrix’s  not-yet-released  bare-metal 
desktop  Xen  hypervisor,  XenClient  (formerly  code-named  Project  Inde¬ 
pendence).  And  yet  in  January  Citrix  invested  in  Virtual  PC. 

With  the  Virtual  PC  bare  metal  hypervisor,  a  desktop  can  run  multiple 
operating  systems  side-by-side.  While  it  is  true  that  PCs  can  do  this  with 
Microsoft’s  Virtual  PC,  Microsoft  is  not  aiming  Virtual  PC  at  the  enterprise 
VDI  market,  with  all  the  support  tools  of  a  one-to-many  infrastructure.  If 
you  want  a  sophisticated  virtual  desktop  infra¬ 
structure  (VDI)  from  Microsoft,  you’ll  add  cost 
and  complexity. 

In  contrast,  NxTop,  which  is  available  now  to 
participants  in  the  company’s  NxTop  Now!  early 
adopter  program  carries  a  list  price  of  $150  per 
managed  PC  for  a  perpetual  license. 

In  the  meantime,  Citrix’s  own  XenClient  isn’t 
expected  to  be  out  until  year-end  and  is  waiting 
on  the  day  PC  hardware  makers  release  wares 
that  support  it.  That’s  one  of  NxTop’s  biggest 
advantages.  NxTop’s  hypervisor  includes  a  virtual 
video  card  that  lets  virtual  machines  access  all  of 


the  hardware,  including  the  video  card,  natively,  so  that  the  VM  performs 
about  as  fast  as  a  fat  client. 

NxTop  doesn’t  require  the  desktop  to  maintain  a  full-time  connection 
to  the  virtual  desktop  infrastructure  in  order  to  function  as  if  it  were  con¬ 
nected.  When  the  connection  is  restored,  the  client  will  automatically 
synch  with  the  server. 

Virtual  Computer  sees  Windows  7  as  its  big  opportunity  and  has  opti¬ 
mized  itself  for  the  new  Windows  OS.  NxTop  allows  the  desktop  admin¬ 
istrator  to  create  a  single  master  image  of  Windows  7  and  deploy  it  to  all 
users.  Future  updates  can  then  be  done  once  on  the  master  image  and 
rolled  out  in  the  background  to  desktops  when  they  are  linked  with  the 
server.  Virtual  PC  promises  that  it  won’t  burden  the  network. 

Phil  Hochmuth,  a  senior  analyst  covering  desktop  virtualization  for  the 
Yankee  Group,  also  spied  NxTop  product  at  VMWorld  and  had  this  to  say 
about  it:  “While  the  virtual  desktop  infrastructure  is  a  trend  that  has  got¬ 
ten  a  lot  of  buzz,  in  a  lot  of  ways  it  goes  against  the  larger  trend  of  enterprise 
mobility.  A  lot  of  the  large  VDI  vendors  are  talking 
about  virtual  desktops  while  enterprise  employ¬ 
ees  are  becoming  increasingly  mobile  and  using 
laptops  more. 

Virtual  Computer  is  ahead  of  these  larger 
rivals  in  the  client-side  hypervisor  race,  which 
addresses  the  mobility  issues  of  VDI.  They  also 
seem  to  have  a  clever  provisioning  and  manage¬ 
ment  technology  that  should  appeal  to  organiza¬ 
tions  with  large  numbers  of  laptops  and  mobile 
employees.  But  they’re  up  against  some  power¬ 
ful  competitors  who  have  client  side  VDI  on  their 
roadmaps.”  ■ 
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NEWSANALYSIS 


How  Avaya  and  Nortel  enterprise  businesses  fit 

With  Avaya  snapping  up  Nortel’s  Enterprise  Solutions  division,  here's  a  look  at  where 
products  overlap  and  where  they  don’t. 


Contact  center 


Unified 

communications 


Phones 

Enterprise  data  gear 
Hardware  servers 


Avaya:  Call  Center,  Contact  Center  Express, 

Interaction  Center,  One-X 

Nortel:  Contact  Center,  Contact  Center 
Express,  Contact  Center  Agent 

Avaya:  One-x  Communicator,  Modular  Messaging,  Unified 
Messaging,  Unified  Conferencing,  Video  Communications 

Nortel:  Meridian  PBXs,  Business  Communications 
Manager,  Call  Pilot,  Call  Director 

Avaya:  Wide  variety  of  wired,  wireless,  digital  and  IP  phones 
Nortel:  Wide  variety  of  wired,  wireless,  digital  and  IP  phones 

Avaya:  None 

Nortel:  switches,  routers,  VPNs,  firewalls, 

NAC,  wireless  access  points 

Avaya:  Four  families  of  hardware  designed 
for  specific  software  platforms 

Nortel:  None 


■  Avaya ,  from  page  1 

“Like  an  onion,  there  are  lots  of  layers,”  says 
Nortel  customer  Bruce  Meyer,  director  of  network 
services  at  ProMedica  Health  Systems  in  Toledo, 
Ohio.  “Let’s  see  where  they  go  from  here.” 

“There  may  be  some  surprises  there,”  says 
Bob  Hafner,  an  analyst  with  Gartner.  “These  are 
going  to  be  two  large  companies  coming  together. 
These  things  never  go  without  issues,  problems 
or  concerns.” 

Significant  overlap  is  expected  in  the  IP  tele¬ 
phony/unified  communications  portfolios  of 
both  companies  —  such  as  IP  PBXs,  handsets 
and  call  management  software.  Avaya  is  the 
leading  revenue  market-share  vendor  in  enter¬ 
prise  telephony,  according  to  Dell’Oro  Group, 
while  Nortel  is  No.  4. 

Little  to  no  overlap  will  be  found  in  routers, 
switches  and  other  infrastructure  products, 
where  Nortel  has  a  significant  market  share  and 
installed  base.  Indeed,  Meyer  believes  Nortel 
routers  and  switches  will  be  less  susceptible  to 
discontinuation  than  the  VoIP  products,  because 
Avaya  has  virtually  no  data  products. 

“With  Avaya,  there’s  not  a  lot  of  strength  in 
enterprise  data,”  Meyer  says.  “[Avaya]  will  want 
to  know  that  the  infrastructure  is  good.” 

“The  biggest  issue  for  users  is,  ‘Show  me  the 
[product]  road  map,”’  says  Henry  Dewing  of 
Forrester  Research.  “They  want  to  see  hardcore 
product  plans  and  how  they  are  going  to  actually 
consolidate  product  lines.” 

Avaya  has  pledged  near-term  support  for  the 
Nortel  enterprise  products,  including  those 
serviced  by  Verizon,  a  Nortel  reseller.  Verizon 
filed  motions  last  week  seeking  assurances  that 
Avaya  would  continue  to  support  the  Verizon 
accounts,  which  the  carrier  says  include  many 
federal  law  enforcement  agencies. 

“I’d  be  surprised  if  that  issue  doesn’t  work 
itself  out,”  says  IDC  analyst  Abner  Germanow 
of  the  Verizon/Avaya  scuttle.  “I’d  have  a  hard 
time  believing  they’d  leave  the  U.S.  government 
out  to  dry.” 

Longtime  users  would  also  like  support 
assurances.  In  addition  to  product  direction, 
Meyer  hopes  the  relationship  his  company  has 
had  with  Nortel  sales,  service  and  support  rep¬ 
resentatives  remains  intact. 

To  that  end,  Avaya  kicked  in  $15  million  for 
employee  retention,  on  top  of  the  $900  million 
purchase  price  for  Nortel  Enterprise  Solutions. 
Nortel  enterprise  chief  Joel  Hackney  said  last 
week  that  Avaya  could  retain  as  much  as  75% 
of  Nortel’s  enterprise  staff,  though  he  would  not 
say  how  many  the  unit  employed. 

Published  reports,  however,  stated  that  Avaya 
may  only  retain  60%  or  less  of  the  Nortel  enter¬ 
prise  workforce,  a  situation  that  troubles  Meyer. 

“My  concern  is  reduced  staff,”  he  says.  “We’re 
talking  about  lots  of  long-term  relationships. 
Brand  loyalty  comes  from  post-sales  support.  If 
those  relationships  change  because  of  staffing 
changes,  that  would  be  a  big  deal.” 

IDC’s  Germanow  is  advising  Nortel  custom¬ 
ers  to  accelerate  any  assessment  or  planning 
activities  in  light  of  the  Avaya  takeover. 


“They  should  figure  out  where  their  own  needs 
lie  and  how  to  most  effectively  migrate,”  he  says. 
“They  should  hold  companies  to  their  multi -ven¬ 
dor  visions  —  that  open  means  open.” 

Gartner’s  Hafener  agrees.  “Customers  need  to 
pay  attention  to  what’s  going  on  in  the  [merged] 
organization”  to  detect  potential  distractions  or 
downsizings  that  may  affect  them,  he  says. 


BYJONBRODKIN 


nterprises  can  rewrite  legacy  applica¬ 
tions  and  move  them  to  the  Amazon 
cloud  with  a  new  product  from  a  vendor 
called  Queplix. 

Queplix  recently  announced  Que- 
Cloud,  an  upgrade  to  a  previous  product  that 
helped  companies  move  old  applications  into 
virtualized  servers  based  on  VMware  or  Xen. 
Starting  in  the  fourth  quarter,  QueCloud  will 
support  deployment  of  existing  applications  to 
Amazon’s  Elastic  Compute  Cloud. 

The  target  market  includes  companies  that 
have  invested  loads  of  money  into  legacy  appli¬ 
cations  that  are  so  old  they  aren’t  supported 
by  the  software  vendor,  says  Queplix  CTO  and 
founder  Steve  Yaskin.  Converting  PeopleSoft  or 
Siebel  applications  is  one  possibility. 

“We  take  legacy  systems  and  move  them  into 
the  cloud,”  Yaskin  says.  “The  result  is  a  brand 
new  application  that  looks,  behaves  and  main¬ 
tains  workflows  just  like  the  old  legacy  system 
but  there’s  essentially  nothing  left  from  the 


Meyer,  for  now,  is  holding  fast  and  not  con¬ 
templating  any  alternative  vendor  options. 

“This  is  still  a  wait-and-see  scenario,”  he  says. 
“How  much  of  this  will  be  a  replay  of  Bay/Nortel?” 
he  asks,  referring  to  Nortel’s  1998  acquisition  of 
Bay  Networks,  which  largely  crippled  the  No.  2 
player  to  Cisco  in  routers  and  switches.  “This  is 
going  to  be  really  interesting  to  watch.”  H 


legacy  system.  We’re  not  using  its  code.” 

The  process  takes  a  couple  of  weeks  and  has  a 
few  steps.  A  crawler  searches  through  the  data¬ 
base  to  extract  information  such  as  business 
entities,  metadata,  user  IDs  and  permissions, 
and  builds  new  user  interface  screens.  Second, 
a  designer  module  lets  administrators  custom¬ 
ize  the  look  and  feel  of  the  system  and  make 
improvements  over  the  original  user  interface. 
QueCloud  deploys  the  workload  to  Amazon  as 
an  application  that  will  seem  almost  identical  to 
users,  but  code  has  been  replaced  by  Java  code. 

The  rewritten  application  for  the  cloud  will 
support  advanced  features  such  as  search, 
auditing,  data  compliance,  and  automatic  alerts 
for  security  breaches,  he  says. 

The  price  would  likely  limit  QueCloud  to  large 
enterprises.  Yaskin  says  the  cost  ranges  from 
$150,000  to  nearly  $1  million  depending  on 
the  nature  of  the  legacy  system  and  how  many 
applications  the  customer  wants  to  convert.  The 
price  can  still  be  much  less  than  the  support  fees 
enterprises  pay  to  maintain  out-of-date  systems, 
according  to  Yaskin.  ■ 


Moving  legacy  applications 
to  the  Amazon  cloud 
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TECHUPDATE 

An  inside  look  at  technologies  and  standards 


Midspans  for  next-gen  PoE 


BYSANIRONEN 


With  the  ratification  of  the  IEEE 
802. 3at  standard  this  month, 
Power  over  Ethernet  will  be  ready 
to  deliver  30W  of  power  per  port 
to  a  broad  range  of  gear  —  every¬ 
thing  from  802.11n  equipment  to  IP  video  and 
thin  clients.  As  such,  you  need  to  establish  an 
enterprise-grade  PoE  plan  that  optimizes  flex¬ 
ibility,  scalability,  energy  efficiency,  reliability, 
safety,  maintenance  and  management. 

One  of  the  biggest  predictors  of  PoE  flexibility 
and  scalability  is  whether  it  is  delivered  via  the 
network  switch  or  through  a  piece  of  equipment 
called  a  midspan.  PoE  switches  and  midspans 
both  deliver  the  same  amount  of  power  over  the 
same  distances.  However,  today’s  PoE-enabled 
switches  deliver  basic  industry-standard  PoE 
capabilities  to  some  or  all  network  ports,  with 
very  few  options  over  how  that  power  is  man¬ 
aged  or  budgeted. 

In  contrast,  a  midspan  is  a  small,  stand-alone 
piece  of  standards-compliant  PoE  equipment 
that  sits  between  the  existing  switch  and  powered 
devices,  and  injects  power  into  the  data  line  using 
significantly  more  energy-efficient  intelligent 
power  management  and  allocation  techniques 
than  are  available  with  PoE  switches.  Midspans 
also  offer  a  variety  of  cost-saving  power-infra- 
structure  monitoring  and  maintenance  capabili¬ 
ties  that  PoE  switches  do  not  include. 

Typically,  midspans  offer  the  most  flexible, 
scalable  and  energy-efficient  solution,  especially 
for  first-time  PoE  deployment.  Unless  the  exist¬ 
ing  data  network  infrastructure  is  inadequate, 
or  you  need  to  simultaneously  upgrade  both  the 
data  and  power  infrastructure  with  a  new  PoE- 
capable  switch,  midspans  are  the  best  upgrade 
choice.  They  require  no  changes  to  the  existing 
switch  or  Cat-5  (and  above)  cabling,  and  are  gen¬ 
erally  compatible  with  any  Ethernet  switch. 

The  latest  midspans  incorporate  a  number 
of  features  that  enhance  energy  efficiency,  reli¬ 
ability  and  safety,  flexibility  and  scalability,  and 
management  and  maintenance. 

Energy  efficiency:  A  poorly  designed  PoE 
infrastructure  can  be  a  large  energy  drain.  PoE 
is  already  the  greatest  heat  generator  in  most 
switching  closets.  Cooling  challenges  are  con¬ 
sidered  the  biggest  potential  roadblock  for  wide¬ 
spread  high-power  PoE  deployment. 

Midspans  solve  this  problem  because  they 
diminish  heat  concentration.  By  delivering  only 
the  power  necessary,  they  are  a  green  alternative 
to  PoE  switches.  Midspans  can  be  used  alone  or 
combined  with  PoE  switches  to  power  both  low- 
and  high -power  devices. 

The  latest  enterprise-grade  midspans  owe 
much  of  their  efficiency  to  their  distributed 


power  architecture.  A  48-port  switch  with 
800 W  of  full  IEEE802.3af  power  per  port  might 
use  only  20  ports  at  once  and  waste  80W  of  qui¬ 
escent  power.  In  high-power  IEEE802.3at  appli¬ 
cations,  it’s  rare  for  any  single  port  to  require  full 
power.  Therefore,  today’s  enterprise-grade  PoE 
midspans  augment  smaller,  more  economical 
internal  default  power  supplies  with  external 
power  supplies  for  incremental  additional 
power,  or  for  redundancy. 

This  distributed  architecture  improves  sys¬ 
tem  efficiency  and  reduces  cooling  costs  since 
smaller  supplies  require  smaller  and/or  lower- 
speed  fans.  Using  this  approach,  midspans  also 
can  back  each  other  up,  with  one  or  multiple 
additional  power  supplies  serving  the  highest- 
priority  system  ports. 

Reliability  and  safety:  Next-generation  dis¬ 
tributed  PoE  power  architectures  also  improve 
reliability  through  prioritized,  per-port  backup. 
And  there  are  reliability  and  safety  consider¬ 
ations.  For  instance,  be  wary  of  solutions  that 
promise  greater  than  60  W/port.  Anything  above 
60W/port  can  pose  standards-compliance  prob¬ 
lems,  and  anything  over  lOOW/port  poses  sig¬ 
nificant  safety  risks.  It  should  be  noted,  however, 
that  60 W/port  can  often  be  an  attractive  option, 
and  standards  compliance  for  this  option  is  pos¬ 
sible  by  delivering  power  over  all  four  pairs  of 
Ethernet  Cat-5  cable,  which  also  improves  effi¬ 
ciency  compared  with  two-pair  products. 

Four-pair  powering  enables  60  W  of  power  to 
be  delivered  with  a  low  600mA  current  rather 
than  the  1.2A  level  of  two-pair  midspans.  This 
means  for  the  same  60W  at  the  source,  51W  can 
be  delivered  over  Cat-5  cable  via  four-pair  solu¬ 
tion,  compared  with  42W  for  two-pair  solutions. 
Additionally,  this  same  four-pair  configuration 
can  be  used  to  power  two-pair  devices  with  30  W 
of  power,  while  dissipating  up  to  half  the  power 
and  consuming  almost  15%  less  energy  than 
conventional  two-pair  solutions.  This  translates 
into  savings  of  approximately  $25  per  year  per 
powered  device,  assuming  energy  costs  of  $0.10 
per  kilowatt  hour  (KWH). 

Flexibility  and  scalability:  Flexibility  is 
ensured  through  the  inclusion  of  a  gigabit 
interface  so  midspans  can  support  high-power 
gigabit  video  phones,  WiMAX  transmitters  or 
802.11n  access  points.  These  and  other  devices, 
such  as  Pan-Tilt-Zoom  (PTZ)  cameras  and  thin 
clients,  also  require  two-event  classification  sup¬ 
port  per  IEEE  802.3at  specifications. 

Additionally,  the  inclusion  of  an  interlocking 
feature  enables  enterprise-grade  midspans  to 
scale  the  power  infrastructure  in  one-port  mid¬ 
span  increments  as  new  powered  devices  are 
added.  Among  1U  multi-port  options,  there  also 
are  configurations  that  deliver  36W/port  and  a 
total  of 864 W  in  up-to-24-port  versions,  or  up  to 


48  ports  of  IEEE802.3af  power.  There  also  is  the 
virtual  48-port  2U  IEEE802.3at  option. 

Other  midspan  options  that  enhance  flex¬ 
ibility  include  the  ability  to  use  DC  inputs  with 
external  power  supplies  for  incremental  power 
capacity  or  redundancy,  and  flexible  powering 
from  AC,  DC  or  another  midspan.  Intercon¬ 
nected  midspans  can  back  each  other  up. 

Management  and  maintenance:  Today’s 
enterprise-grade  PoE  infrastructure  must  have 
remote  power- management  capabilities  that 
support  both  IPv4  and  IPv4/6  addressing.  This 
allows  efficient  monitoring  and  control  of  pow¬ 
ered  devices,  which  increases  in  importance 
with  network  size  and  complexity.  A  key  require¬ 
ment  is  the  availability  of  a  remote  power-off/ - 
power-on  feature  so  selected  ports  may  be  shut 
down  during  the  day,  which  can  reduce  power 
consumption  by  70%.  Each  device’s  power 
consumption  can  be  measured  and  its  average 
power  consumption  can  be  actively  reduced. 

Remote  power  management  also  enables 
unit  scheduling,  UPS  power  monitoring  and 
Web-based  monitoring.  Malfunctioning  remote 
devices  can  be  reset,  eliminating  an  expensive 
service  call.  Enterprise-grade  midspans  also 
enable  centralized  control  of  multi-site  or  multi¬ 
building  installations,  with  support  for  imme¬ 
diate  alert  (for  example  E911)  and  response  if 
IP  phone  status  changes.  When  the  midspan  is 
integrated  with  a  UPS  system,  the  remote  power- 
off/power-on  capability  also  enables  low-priority 
ports  to  be  disconnected  during  power  failures. 

Remote  power  management  must  be  per¬ 
formed  in  a  secure  fashion.  SNMPv3  manage¬ 
ment  is  recommended  to  prevent  malefic  agents 
from  interfering  with  network  operations. 

Enterprise-grade  midspans  deliver  these 
capabilities  while  offering  a  superior  alternative 
to  wholesale  switch  upgrades.  They  also  make 
it  possible  to  plan  ahead  —  by  using  midspans 
that  power  on  spare  pairs  as  required  by  the  PoE 
standard,  a  network  will  be  ready  for  four-pair 
powering  with  future  PoE  switches.  These  and 
other  future-proofing  strategies  will  maximize 
operational  effectiveness  over  the  life  of  the 
installation.  ■ 

Ronen  is  product  marketing  manager,  Pow- 
erDsine  Midspans,  with  Microsemi’s  Analog 
Mixed  Signal  Group.  Contact  him  at  sronen@ 
microsemi.com. 

This  vendor-written  tech  primer 
has  been  edited  by  Network  World 
to  eliminate  product  promotion, 
but  readers  should  note  it  will  likely 
favor  the  submitter’s  approach. 


26  SEPTEMBER  21  -  28 , 2009  www.networkworld.com 


CALL 

FOR 


to  Watc  h 

AWARDS  2010 


We’re  looking  for  the  next  generation  of  standout  IT  leaders.  The 
CIO  Ones  to  Watch  Award  honors  the  rising  stars  in  IT— the  senior  staff 
destined  to  become  the  CIOs  of  the  future— as  identified  and  sponsored 
by  the  CIOs  of  today’s  leading  organizations. 


Apply 


Be  Seen 


Candidates  may  be  nominated  by  their  CIO  based  upon  several 
characteristics  including  the  proven  ability  to  lead  teams  and  change, 
drive  innovation  and  deliver  value  to  the  business.  Candidates  may 
also  nominate  themselves  or  be  nominated  by  a  colleague  -  all 
nominations  must  be  endorsed  by  a  CIO.  The  awards  are  judged  by 
a  panel  of  veteran  CIOs  experienced  in  leadership  development  and 
understand  the  characteristics  that  prepare  today’s  IT  managers  to 
be  tomorrow’s  successful  CIOs. 

Apply  today  at:  cio.com/otw 

Winners  will  be  honored  during 
the  sixth  annual  CIO  Leadership 
Event  May  2-4,  2010,  at  the 
Broadmoor  in  Colorado  Springs, 
featured  in  the  May  issue  of  CIO 
magazine  and  online  at  cio.com 

BUSINESS  TECHNOLOGY  LEADERSHIP 


Produced  by 


Don’t  Be  Late 


Nominations  accepted  through 
October  15.  For  more  information 
about  this  prestigious  program 
visit:  cio.com/cio-awards 


In  partnership  with  sister  organization 


CIO 


CIO  Executive  Council 


Leaders  Shaping  the  Future  of  Business 


GEARHEAD  BY  MARK  GIBBS 


Improving  Excel  and  Yahoo  Pipes 


MICROSOFT  EXCEL  IS  brilliant.  Except  when 
it  isn’t.  And  a  major  place  where  it  isn’t  is  when 
you  have  an  Excel  spreadsheet  with  a  number  of 
cells  containing  strings  (any  sequence  of  ASCII  characters)  and  you  wish 
to  concatenatethese  separate  strings  into  one  big  string  in  another  cell. 

Excel  does  provide  a  function  that,  to  the  optimistic  neophyte,  would 
seem  to  do  the  job:  It  is,  not  surprisingly,  called  Concatenate. 

The  problem  with  Concatenate  is  that  you  can’t  tell  the  function  to  do  its 
job  for  a  range  of  cells  (such  as  Al:  AlO).  Nope,  you  have  to  list  each  cell  to  be 
munged  together.  It  also  doesn’t  support  any  kind  of  separator  character  to 
be  placed  between  the  concatenated  strings.  In  short,  Concatenate  is  about 
as  useful  as  go-faster  stripes  on  a  modem. 

I  just  needed  to  concatenate  a  whole  mess  o’  strings  in  a  spreadsheet  (sev¬ 
eral  hundred  in  groups  into  a  score  of  big  strings)  and  so  I  went  a-lookin’ 
for  a  solution  and,  stap  me  vitals,  if  I  didn’t  stumble  across  the  answer:  A 
nice  little  VBA  function  (http://tinyurl.com/m46ue3 )  created  by  Pearson 
Software  Consulting.  While  many  of  us  are  probably  quite  capable  of  cre¬ 
ating  a  similar  function,  why  reinvent  the  wheel? 

This  little  chunk  of  code  allows  you  to  sensibly  concatenate  literal  text: 

=StringConcat(“|”,TRUE,”A”,”B”,”C”) 

This  returns  “A|B|C”.  You  can  also  concatenate  text  in  a  range  of  cells  and 
even  use  a  formula  to  filter  the  array: 

=StringConcat(“,“, TRUE, IF(B30:B39>4,C30:C39, ’’’’)) 

This  will  create  a  string  containing  a  comma- separated  list  of  all  values 
greater  than  4  in  the  given  cell  range. 

Check  out  Pearson’s  Excel  page  for  more  useful  Excel  functions  including 
an  Internet  file  download  function  and  even  a  function  to  create  Globally 
Unique  Identifiers.  Pearson  gets  a  rating  of  5  for  their  excellent  free  code. 


While  it  is  true  that  you  can  do  many  remarkable  things  in  terms  of 
transforming  data  using  Excel,  there  are  all  sorts  of  transformations,  par¬ 
ticularly  those  that  involve  “live”  data  from  the  Internet,  that  Excel  can’t 
do  easily. 

You  should  check  out  Yahoo  Pipes,  which  provides  a  service  that  routes 
data  from  one  or  more  sources  to  an  output.  In  its  simplest  forms  you  could 
use  a  pipe  to  grab  one  or  more  input  RSS  feeds  and  merge  them  into  a  single 
output  RSS  feed.  Or  you  might  get  fancy  and  filter  the  input  feeds  so  only 
feed  items  containing,  say,  the  term  “oyster”  appear  in  the  output  feed.  (You 
would,  of  course,  have  to  name  this  feed  “The  World  is  my  Oyster  Feed”.) 

The  beautiful  thing  about  Pipes  is  it  is  driven  by  a  Web-based  graphical 
user  interface  that  uses  drag  and  drop  to  arrange  functional  blocks  and 
draggable  connections  to  wire  them  together. 

For  inputs  you  can  use  not  only  RSS,  Atom,  RDF  and  iCal  feeds,  but  also 
CSV,  XML,  JSON  and  KML  files,  the  text  from  whole  Web  pages  or  even 
pull  in  Flickr  photos,  Yahoo  Local  items,  Yahoo  Search  and  Google  Base 
data  through  search  queries. 

But  wait,  there’s  more!  You  can  also  use  the  Yahoo  Query  Language 
(YQL)  Web  Service.  YQL  provides  access  to  Internet  data  through  SQL- 
like  commands  and  returns  it  in  XML  or  JSON  format. 

You  can  also  add  user  input  (date,  time,  numeric,  text  and  URL  formats) 
and  define  private  variables,  which  can  be  used  to  store  things  such  as  pri¬ 
vate  API  keys  so  if  you  make  the  pipe  details  public  your  personal  data 
isn’t  copied. 

Next  week  well  start  building  something  cool  using  Pipes.  ■ 

Gibbs  is  doing  virtual  plumbing  in  Ventura,  Calif.  Your  pipe  dreams 
gearhead@gibbs.com. 
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iTunes’  Home  Sharing  nice,  but  could  be  nicer 
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OUT  OF  ALL  the  new  product 
announcements  from  Steve 
Jobs  at  Apple’s  most  recent 
shindig,  I  was  most  intrigued  by  a  feature  in  the  new 
iTunes  software:  Home  Sharing. 

What  it  is:  Imagine  you  have  put  most  of  your  digital 
music  on  PC  No.  1,  but  a  few  years  later  you  decided  to 
install  iTunes  on  your  work  notebook,  and  then  a  new 
Windows  Vista  notebook  that  you  bought.  Sure,  you  could 
grab  a  USB  hard  drive  and  manually  copy  all  of  the  music 
files,  but  wouldn’t  it  be  easier  to  just  transfer  those  files  over 
your  Wi-Fi  network? 

That’s  the  basic  idea  behind  Home  Sharing  -  it  lets 
iTunes  owners  with  multiple  PCs  (and  Macs)  within  the 
same  network  listen  to  (or  even  copy)  music  stored  on 
other  systems. 

Why  it’s  cool:  A  library  sharing  feature  was  available  on  earlier  iTunes 
versions,  but  Home  Sharing  is  much  easier  for  people  to  enable  and  use.  A 
simple  enable/disable  function  lets  you  decide  whether  you  want  to  share 
your  content  with  others  on  the  network.  When  your  next  system  turns  on 
iTunes  and  enables  Home  Sharing,  the  software  sees  the  first  library,  and 
you  can  play  those  songs  over  the  network,  or  copy  files  to  the  new  system. 
A  nice  part  of  this  is  the  ability  to  display  only  those  files  not  already  on 
the  second  system,  although  I  discovered  that  some  CDs  I  had  burned  on 
one  PC  were  already  on  the  second,  but  under  a  different  title  —  an  error  I 
attribute  to  the  CD  database  not  having  the  correct  title  at  some  point. 

Some  caveats:  Unfortunately,  the  software  didn’t  work  correctly  all  the 
time.  A  bug  prevented  Home  Sharing  on  a  third  machine  from  seeing  my 


New  and  Noteworthy  mmd 


m  *i 

r  i 


other  two  systems  .  The 
system  said  that  Home 
Sharing  was  enabled,  but 
it  couldn’t  see  the  other  two 
libraries  on  the  other  two 
systems.  Despite  several 
attempts  to  fix  this,  includ¬ 
ing  opening  firewall  ports 
and  enabling  sharing  fea¬ 
tures  on  all  the  systems,  I 
couldn’t  solve  this  problem. 
A  scan  of  Apple  forums  and 
Google  searches  indicated 
this  was  a  problem  for 
other  users  as  well.  Hope¬ 
fully  Apple  can  fix  this. 

In  addition,  the  software 

only  works  on  systems  connected  with  the  same  iTunes  accounts.  My  wife 
has  a  separate  iTunes  account,  so  I  can’t  transfer  purchased  music  from  her 
Mac  into  oneofmyPCs.I  could  copy  the  file  from  her  Mac  onto  a  thumb  drive 
and  transfer  the  song  to  my  system,  and  then  authorize  the  computer  to  play 
that  song,  but  it  would  seem  easier  to  just  allow  multiple  iTunes  accounts, 
as  long  as  you  were  still  under  the  limit.  Apple  should  just  forget  about  all 
of  this  authorized  music  business  anyway  (they  already  offer  DRM-free 
versions). 

Grade:  ★★  (out  of  five) 

Shaw  can  be  reached  at  kshaw@nww.com.  Follow  him  on  Twitter. 


iTunes  Home  Sharing  allows  users 
to  transfer  music  files  via  Wi-Fi. 
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Wi-Fi  eyes  global  domination 

Ratification  of  802. lln  standard  boosts  WLAN’s  challenge  to  Ethernet 


BY  C.J.  MATHIAS 


f  your  reaction  to  the  recent  ratification  of 
the  802. lln  standard  was  a  loud  yawn  or 
a  “what  took  them  so  long,”  you’d  certainly 
have  some  justification. 

After  all,  it  took  the  IEEE  seven  grueling 
years  to  finalize  the  standard.  And  “pre-standard” 
products  have  been  shipping  since  2007.  In  fact, 
wireless  vendors  report  that  the  majority  of  their 
shipments  are  pre-standard  802.11n  gear. 

But  let’s  not  gloss  over  what  a  stunning  accom¬ 
plishment  this  really  is.  Or  what  it  will  mean 
down  the  road  in  terms  of  wireless  technology 
becoming  the  dominant  network  technology  in 
enterprise  shops. 

First,  a  tip  of  the  hat  to  the  hundreds  of  partici¬ 
pants  who  hammered  away  for  a  good  five  years 
on  the  details  of  the  standard. 

A  lot  of  the  time  it  wasn’t  pretty.  But  the  result 
is  a  total  rewrite  of  the  original  1997  wireless 
standard  that  puts  in  place  the  underlying  tech¬ 
nologies  that  will  carry  the  wireless  LAN  indus¬ 
try  and  its  growing  base  of  hundreds  of  millions 
of  users  for  the  foreseeable  future. 

While  there  are  other  radio  technologies  under 
development,  nothing  will  replace  802.11n  any¬ 
time  soon.  But,  in  time  802. lln  will  replace 


802.11b  and  g,  while  still  providing  backwards 
compatibility  with  these  earlier  standards. 

802.11n  delivers  improved  throughput,  range 
and  reliability  across  a  broad  range  of  configura¬ 
tion  possibilities,  and  thus  cost  and  price  points. 

Implementations  can  be  basic  —  one  radio  on 
the  transmitting  side  and  one  on  the  receiving 
side  offering  up  to  150Mbps,  compared  with  the 
54Mbps  of 802.11g.  Or  more  complex  —  the  com¬ 
monly  deployed  2x2  and  2x3  configurations  can 
deliver  up  to  300Mbps,  and  a  4x4  implementa¬ 
tion  offers  up  to  600Mbps  (all  of  these  being  peak 
numbers). 

Prices  of 802.11n  products  have  fallen  dramati¬ 
cally,  as  is  always  to  be  expected  where  VLSI  chip 
manufacturing  is  concerned,  to  the  point  where 
802.11n  products  today  cost  about  the  same  as 
chips  based  on  802.11g  just  two  years  ago. 

Built-in  802.11n  adapters  are  featured  in  most 
new  notebooks  and  even  in  many  netbooks,  and 
every  enterprise-class  vendor  of  Wi-Fi  systems 
is  offering  802.11n  products  today. 

it’s  the  Wi-Fi,  stupid 

The  reason  for  this  success  is  the  approval 
in  2007  by  the  Wi-Fi  Alliance  of  an  interim 
interoperability  specification  for  802.11n,  based 
on  Draft  2  of  the  standard. 


This  specification  is  largely  behind  the  percep¬ 
tion  that  802.11n  was  completed  some  time  ago; 
after  all,  we  ultimately  buy  Wi-Fi,  not  802.11 
anything.  There  are  no  conformance,  compli¬ 
ance  or  compatibility  tests  for  802.11  per  se;  that 
role  has  been  assumed  by  the  Wi-Fi  Alliance, 
whose  many  efforts  have  culminated  in  what  is 
arguably  the  most  successful  trade  association 
ever. 

Indeed,  after  the  torturous  process  that 
marked  the  early  days  of 802.11n,  with  political 
(and,  to  be  fair,  some  technical  as  well)  infighting 
among  such  long-forgotten  vendor  groups  as 
MitMot,  TGnSync  and  WWiSE,  it  was  essential 
for  the  Alliance  to  step  in  and  bring  some  calm 
and  order  to  what  is  the  often-ugly  process  of 
standards  creation. 

And,  as  was  the  case  with  the  original  802.11 
standard,  which  also  took  seven  years,  the  Wi-Fi 
Alliance’s  stamp  of  approval  on  an  interim  spec 
was  the  key  enabling  factor  for  market  success. 

As  to  the  amount  of  time  required  for  802.11n 

to  be  created  and  finalized,  the  IEEE  standards 

development  process  itself  is  designed  to  limit  £ 

throughput,  as  it  were,  in  the  interest  of  reaching  c 

the  best  possible  conclusion.  I 

1 1 

Keep  in  mind  that  a  standard  from  a  recog-  g 
nized  standards-creation  body,  such  as  the  S 
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Destination  domination 

Timeline  of  key  milestones 
on  the  road  to  802.11n. 

Sept.  11,  2002 

First  meeting  of  the  High- 
Throughput  Study  Group  (HTSG). 

Sept.  11,  2003 

IEEE  approves  Project  Authorization 
Request  (PAR)  to  develop  standard 
that  boosts  WLAN  throughput  to  at 
least  100Mbps  as  measured  at  the 
MAC  data  service  access  point. 

Sept.  15,  2003 

First  meeting  of  the 
802.11  Task  Group. 

May  17,  2004 

Call  for  proposals. 

Sept.  13,  2004 

32  proposals  are  heard. 

March  2005 

Proposals  whittled  down  to  one. 

This  proposal  fails  to  win  required 
75%  vote  of  task  force  members. 

July  2005 

Competitors  TGn  Sync,  WWiSE, 
and  a  third  group,  MITMOT,  agree  to 
merge  their  respective  proposals. 

January  2006 

Task  Group  approves  the  joint 
proposal's  specification. 

May  2006 

Proposal  fails  to  win  75% 
approval  from  IEEE  802.11 
Working  Group  voters. 

January  2007 

The  IEEE  802.11  Working 
Group  approves  Draft  2.0  of 
the  proposed  standard. 

February  2007 

Draft  2.0  approved  via  letter  ballot. 

June  2007 

The  Wi-Fi  Alliance  announces 
its  official  certification  program 
for  devices  based  on  Draft  2.0. 

July  2009 

Final  Working  Group  approval. 

Sept.  11,  2009 

Standards  Board  approval. 

January  2010 

Publication  of  standard. 


IEEE,  has  essentially  the  force  of  law.  The  IEEE 
has  taken  great  pains  to  assure  that  standards 
development  follows  the  principles  of  “due  pro¬ 
cess,  openness,  consensus  and  balance”  and  that 
the  “right  of  appeal”  is  preserved  at  every  step. 

Complaints  about  the  standards  that  result 
are  indeed  rare,  other  than,  of  course,  regarding 
the  amount  of  time  involved  to  embody  them. 
Most  infighting  is  the  result  of  either  strongly 
held  technical  positions,  the  desire  to  have  one’s 
intellectual  property  incorporated  into  the  stan¬ 
dard,  or  to  preserve  one’s  technical  lead  in  the 
market. 

The  Wi-Fi  Alliance  has  stated  that  its  revised 
certification  process  based  on  the  final  standard 
will  “preserve  interoperability”  with  the  cur¬ 
rent  spec,  again  based  on  Draft  2.0  of  the  stan¬ 
dard.  With  existing  investment  thus  protected, 
we  expect  the  progress  of  802. lln  towards  all 
but  certain  dominance  on  a  global  basis  will 
accelerate. 

This  outcome  was  essentially  enabled  by  the 
fact  that  few  substantive  changes  were  made 
between  Draft  2.0  and  the  final  standard.  The 
most  significant  issue  tackled  was  in  enhanc¬ 
ing  coexistence  with  current  802.11-based 
products. 

No  reason  to  delay 

Even  the  most  conservative  IT  shops  have  no 
reason  left  to  avoid  or  postpone  the  adoption 
of  802.11n.  Farpoint  Group  recommends  that 
802.11n  be  deployed  only  in  the  5GHz  bands 
for  most  applications.  A  concern  expressed  by 
many  potential  customers  has  been  with  regard 
to  both  interference  and  coexistence  in  the  well- 
subscribed  2.4GHz  spectrum. 

But  there’s  really  no  reason  to  upset  current 
802.11g  or  802.11b  infrastructure,  at  least  for  the 
time  being;  the  5GHz.  bands,  initially  used  only 
for  the  sparsely  deployed  802.11a,  have  plenty  of 
free  spectrum  for  use  of  even  the  40MHz  802.11n 
channels  that  yield  the  highest  performance. 

We  don’t  recommend  operating  802.11n  in  the 
same  channel  with  earlier  technologies,  even 
though  this  mode  of  operation  is  allowed  in  the 
standard.  Performance  for  both  technologies 
will  suffer,  and  there’s  usually  a  lot  of  otherwise 
unoccupied  spectrum  above  SGHz  for  greenfield 
802.11n  buildouts. 

For  vendors,  802. lln  is  now  part  of  the  jacks- 
or-better  required  to  be  in  the  WLAN  game. 
Going  forward,  the  real  focus  will  shift  to  the 
remainder  of  the  system,  not  the  radio. 

Recent  announcements  from  the  major  play¬ 
ers  have,  for  example,  focused  on  the  control 
plane,  which  can  be  thought  of  as  the  operating 
system  of  enterprise-class  WLAN  infrastruc¬ 
ture  and  the  element  where  traffic-control  policy 
is  implemented. 

Advances  in  traffic  scheduling  are  yield¬ 
ing  significant  improvements  in  performance 
irrespective  of  the  particular  radio  technology 
employed.  Traffic  analysis  has  been  employed  in 
operating  systems  for  years,  with  very  positive 
results.  So  knowing  what  to  move,  and  when  to 


move  it,  is  likely  to  provide  the  next  performance 
boost  beyond  802.11n  alone. 

While  some  have  argued  that  overprovision¬ 
ing  should  be  sufficient  to  assure  the  through¬ 
put  and  responsiveness  required,  this  approach 
ignores  the  fact  that  demands  on  networks  only 
grow  over  time,  in  terms  of  not  just  throughput, 
but  also  number  of  clients,  data  object  size,  duty 
cycles  and  requirements  for  time-boundedness. 
Yes,  802. lln  provides  a  significant  increase  in 
capacity,  but  it  unlikely  to  be  sufficient  in  and  of 
itself  to  meet  most  enterprise  requirements. 

The  remainder  of  the  infrastructure,  in  both 
the  control  and  management  planes,  is  likely  to 
be  the  key  differentiator  from  this  point  forward, 
rather  than  specific  802. lln  radios. 

Beyond  100Mbps 

The  IEEE’s  802.11  group  is  working  on  even  more 
additions  to  the  standard,  including  boosting 
throughput.  While  802.11n  will  offer  through¬ 
put  potentially  greater  than  the  100Mbps  still 
common  in  many  enterprise  settings,  it  cannot 
achieve  anything  close  to  gigabit  Ethernet. 

For  this  reason,  802.11  has  formed  two  task 
groups  to  specify  wireless  links  in  excess  of 
lGbps:  802.11ac  is  using  spectrum  below  6GHz, 
and  802.11ad  is  looking  at  spectrum  around 
60GHz.  Multi-gigabit  throughput  for  both  is  a 
real  possibility,  although  there  are  issues  with 
range  and  propagation  at  millimeter-wave 
frequencies. 

So  while  gigabit  Ethernet  is  a  more  than  desir¬ 
able  option  for  interconnecting  802.11n  access 
points,  it  will  very  likely  see  its  role  as  a  primary 
access  technology  challenged  by  future  802.11 
developments. 

The  standards  group  also  is  continuing  work 
on  such  diverse  areas  as  meshes  (802.11s),  man¬ 
agement  (802.11v)  and  management-frame  secu¬ 
rity  (802. llw),  video  streaming  (802.11aa),  to 
name  but  a  few.  Similarly,  the  Wi-Fi  Alliance  is 
hard  at  work  on  such  areas  as  wireless  network 
management,  certifying  some  optional  features, 
enterprise-grade  enhancements  to  their  Voice 
Certification,  security  enhancements  to  address 
management  frames  (corresponding  to  802.11w) 
and  a  very  significant  program  for  device-to- 
device  connectivity. 

The  opportunities  at  this  point  appear  unlim¬ 
ited.  We  believe  802.11n  will  play  a  major  role  in 
the  future  of  cellular  networks,  as  the  carriers 
increasingly  rely  on  Wi-Fi  to  offload  both  voice 
and  data  on  their  crowded  (and  expensive)  spec¬ 
trum.  802.11n  will  become  a  fixture  in  both  dual¬ 
mode  cellular  and  dedicated  cordless  handsets 
over  the  next  few  years.  Wi-Fi  is  even  making 
inroads  as  a  personal-area  network  technology. 

With  the  ratification  of 802.11n,  WLANs  have 
taken  another  big  step  forward  towards  ubiq¬ 
uity  across  enterprises,  applications,  and,  for 
that  matter,  the  entire  planet.  ■ 

Mathias  is  a  principal  at  Farpoint  Group,  a  wire¬ 
less  advisory  firm  in  Ashland,  Mass.  He  can  be 
reached  at  craig@farpointgroup.com. 
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Netbooks:  Are  they  ready 
for  the  enterprise? 

5  reasons  to  adopt  netbooks;  5  reasons  to  wait 


BY  JAMES  E.  GASKIN 


Netbooks  are  winning  over  consumer  hearts  and  credit  cards.  While  some  con¬ 
sumer  products,  such  as  iPhones,  have  pushed  their  way  into  the  enterprise, 
netbooks  haven’t.  Is  it  just  a  matter  of  time  before  netbooks  become  an  enter¬ 
prise  staple  or  will  they  remain  a  consumer-only  product? 

To  help  you  decide,  here  are  five  reasons  netbooks  should  be  con¬ 
sidered  for  enterprise  use,  along  with  five  reasons  to  think  twice. 

First,  we  must  agree  on  a  definition.  The  primary  charac¬ 
teristic  is  a  10-inch  diagonal  screen,  which  makes  the 
netbook  far  smaller  and  a  different  form  factor  than  a 
laptop.  The  second  defining  detail  is  the  small,  power¬ 
saving  Atom  processor  from  Intel.  Finally,  the  tradeoff 
for  that  small  form  factor  is  the  lack  of  internal  CD  or  DVD 
optical  drives. 

Netbooks  remain  much  less  expensive  (less  than  $400)  than  most  lap¬ 
tops  on  approved  corporate  purchasing  lists.  Default  operating  systems  range  from 
Windows  XP  Home  to  various  Linux  flavors  to  the  Windows  7  Starter  Edition  promised 
by  Microsoft  in  October.  Wi-Fi  capabilities  ship  with  every  netbook,  while  3G  wireless  broadband 
support  is  common,  but  not  automatic. 


HP  has  a  similar  story.  “One  large  school 
district,  Fresno,  California,  has  bought  seven 
to  eight  thousand  of  our  mini-notebooks,”  says 
Helen  Daniel,  product  marketing  manager  for 
HP  commercial  notebooks.  “Several  large  dis¬ 
tricts  are  using  these  for  their  one-to-one  com¬ 
puting  initiative.” 

Rough  handling  by  students  was  one  reason 
HP’s  second-generation  netbook,  the  2140,  has 
an  all  metal  case,  3D  Drive  Guard  to  park  the 
hard  disk  heads  when  dropped,  and  a  spill- 
resistant  keyboard.  The  lowest-end  version  of 
the  2140  also  sells  for  less  than  $400. 


Price 

■  At  less  than  $400  for  many  models  and 
less  than  $300  at  the  low  end,  netbooks  are  less 
expensive  than  the  standard  enterprise  laptop. 
And  price  sensitive  verticals,  such  as  education, 
have  taken  notice.  The  leading  early  adopter  for 
netbooks  has  been  K-12  education  customers. 
Both  Dell  and  HP  tout  strong  netbook  sales  suc¬ 
cess  to  school  districts. 

“Our  Latitude  2100  models  are  focused  on 
education,”  says  Maulik  Pandya,  senior  plan¬ 
ning  manager  for  commercial  notebooks  at  Dell. 
"Enterprises  are  buying  them  on  a  pilot  basis, 
but  education  customers  are  buying  them  in 
boatloads.”  The  Dell  Latitude  2100s  list  for  less 
than  $400. 


Easy  access  to  apps  and 
■  data  for  mobile  workers 

The  second  largest  adoption  rate  for  netbooks 
has  been  by  healthcare.  Pam  Seale,  product 
marketing  manager  for  Absolute.com,  says, 
‘We’re  seeing  healthcare  customers  go  with 
netbooks  because  they  tend  to  plug  into  the  data 
they  need  rather  than  carry  it  on  the  computer.” 
Data  regulations  on  health  records  have  helped 
move  data  storage  from  devices  to  a  more  cen¬ 
tralized  and  controlla¬ 
ble  location.  Absolute, 
corn’s  CompuTrace 
product  helps  track 
and  recover  lost 
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computers.  Their  embedded  security  software 
works  on  netbooks  just  as  well  as  on  laptops. 


3  Portability  with 

■  extended  battery  life 


Smaller  and  lighter  than  many  of  the  books 
describing  them,  netbooks  started  with  8.9- 
inch  diagonal  screens,  but  10.2-inch  screens 
have  become  by  far  the  most  popular.  In  spite 
of  their  small  size,  many  models  boast  battery 
times  of  five  or  more  hours,  due  in  large  part  to 
the  Intel  Atom  processor. 

As  the  laptop  became  a  desktop  replacement 
and  screens  grew  to  as  large  as  17  inches,  ease 
of  portability  disappeared.  Netbooks  drop  into 
briefcases  almost  unnoticed,  and  also  into  many 
purses.  A  portable  computer  that  employees 
dread  carrying  doesn’t  do  the  company  much 
good,  but  a  netbook  screams  portability. 


4  Enterprise-level  management 
■  and  security 


Andre  Angel,  President  Americas,  NTRglobal, 
supplies  remote  control  and  management  soft¬ 
ware  to  service  companies.  “We  can  support 
client  netbooks  with  the  same  technology  we 
currently  use,  without  any  changes.” 

The  same  goes  for  endpoint  security  and 
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Because  it's  everybody's  Jr  business 
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Get  the  free  app  for  your  phone  at 

http://gettag.mobi 


TRENDANALYSIS 


endpoint  management 
software  from  Syman¬ 
tec.  “We’re  hearing  little 
about  netbooks  from 
enterprises,  but  our 
software  supports  them,” 
says  Christine  Ewing, 
director  of  product  marketing  for  endpoint 
management  at  Symantec.  “The  Atom  proces¬ 
sor  doesn’t  have  the  management  features  of 
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1  Underpowered 

■  Netbooks  are  not  general  purpose  com¬ 
puters  able  to  run  applications  as  fast  as  a  lap¬ 
top  that  features  a  more  powerful  Intel  proces¬ 
sor  and  more  RAM.  Designed  for  portability 
and  battery  life,  the  Intel  Atom  processor  sets 
no  performance  records.  Limited  RAM  support 
(1GB  to  2GB)  emphasizes  the  light  duty  aspect 
of  netbooks. 

2  Too  small 

■  Portability  comes  at  a  price,  and 
that  price  is  screen  and  keyboard  size. 
Those  with  large  fingers  or  weak  eyesight 
will  balk  at  the  netbook’s  smaller  key¬ 
boards  and  screens.  If  a  user  can’t  type  on 
the  keyboards  that  range  from  88%  to  94% 
of  regular  keyboard  size  (some  10-inch 
netbook  keyboards  feel  much  smaller  than 
that),  it  won’t  matter  how  well  the  netbook 
fits  on  the  airplane  tray  table. 

3  Default  OS  not  enterprise  ready 

■  The  vast  majority  of  netbooks  ship 
running  Windows  XP  Home,  an  operating 
system  that  does  not  play  well  with  enter¬ 
prise  directory  services.  Windows  7  Starter 
Edition  won’t  support  enterprise  domain 
integration,  either.  HP  and  Dell  both  offer 
operating  system  customization  and 
configuration  services,  and  companies 
can  image  the  hard  drive  of  netbooks 
using  their  own  Microsoft  licenses.  But 
that  extra  time  and  expense  eliminates  / 

some  of  the  cost  savings  as  a  driver  for  j 

netbook  adoption. 


Intel’s  vPRO  technology,  but  if  the  netbook  has 
an  enterprise  operating  system,  we  have  no 
problems.” 

5  Great  value  for  loaners 

■  Almost  everyone  contacted  relayed 
interest  from  IT  departments  for  netbooks  as 
inexpensive  “loaner  laptops”  for  employees  get¬ 
ting  their  regular  machine  serviced. 


4  No  optical  drive 

■  Airline  passengers  used  to  play  Soli¬ 
taire  on  their  laptops  but  today  they  play  DVDs. 
No  netbook  offers  an  internal  optical  drive, 
although  all  have  USB  ports  that  support  exter¬ 
nal  drives. 

For  security  reasons,  some  companies  disable 
CD  and  DVD  drives  to  stop  users  from  loading 
unauthorized  software,  so  this  may  be  a  wash. 
Enterprises  use  desktop  automation  software, 
not  optical  disks,  to  install  applications.  Travel¬ 
ing  employees  can  go  back  to  Solitaire. 

5  No  TPM  or  Biometric  Security 

8  Trusted  Platform  Module  is  a  secure 
cryptoprocessor  added  to  enterprise-class  lap¬ 
tops  by  many  manufacturers.  Without  TPM 
support,  Rob  Enderle,  principal  analyst  for 
the  Enderle  Group,  says,  “Successful  netbook 
deployments  in  the  enterprise  are  unlikely.” 


The  5%  solution? 

“Netbooks  are  trending  toward  5%  of 
the  market  now.  They  won’t  get  into  the 
double  digits,”  says  Dell’s  Maulik  Pan- 
dya.  Outside  K-12  education  and  some 
healthcare  applications  those  numbers 
will  probably  remain  true  for  the  next 
year  or  two. 

Yet,  as  netbooks  develop,  and  more 
companies  move  toward  a  thin  client, 
browser-based  application  model, 
those  percentages  will  move  upward. 
Consumers  love  netbooks,  and  pundits 
encourage  enterprise  IT  departments 
to  accept  a  growing  number  of  products 
first  adopted  by  consumers.  Since  users 
often  ignore  IT  guidelines,  get  ready  for 
the  netbook  question.  Enterprise  ready 
or  not,  some  number  of  netbooks  are  in 
your  future. 


BBMRBI 


While  insiders  say  off  the  record  that 
TPM  and  biometric  support  are  ordered 
on  laptops  far  more  often  than  imple¬ 
mented,  some  customers  demand  them. 
Price  will  keep  TPM  and  biometrics  off 
netbooks  for  the  foreseeable  future. 

“Cost  is  a  big  issue,”  HP’s  Daniel  says. 
“Our  education  customers  don’t  want  to 
pay  for  TPM  and  biometrics  they  won’t 
use.” 

Enhanced  security  may  come  from 
elsewhere,  however.  One  vendor  says  it 
is  working  on  facial  recognition  software 
that  uses  the  Web  cam  built  into  the  lid  of 
their  netbooks  for  security  authentica¬ 
tion.  It’s  not  yet  willing  to  go  on  record 
about  these  plans.  8 

Gaskin  writes  books,  articles  and 
jokes  about  technology  and  real  life 
from  his  home  office  in  the  Dallas 
area.  He  has  been  helping  small  to 
midsize  businesses  use  technology 
intelligently  since  1986.  He  can  be 
reached  at  readers@gaskiv. 
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Surveilled  to  death 


YOU  WANT  TO  know  all  about  my  personal 
details?  Easy  —  all  you  need  is  the  power  or  the 
money  because  the  data  is  there  for  the  taking. 

So,  how  is  this  data  acquired?  Let  me  count  the  ways:  For  a  start  there 
are  all  of  your  commercial  transactions,  such  as  your  bank  accounts  and 
money  transfers.  There  are  also  your  credit  card  purchases,  tax  records, 
medical  records,  all  interactions  with  government  agencies  and  your 
police  records. 

But  wait,  there’s  more!  There  are  also  your  telephone  and  cell  phone 
records  and,  potentially,  your  Web  browsing,  interactions  with  any  major 
Web  site,  anything  you  might  blog  or  tweet  or  post  on  Facebook  or  MyS- 
pace.  Oh,  and  there’s  your  entire  e-mail  usage.  Add  to  that  video  surveil¬ 
lance  and  it  becomes  clear  that  there’s  a  staggering  amount  of  detail  about 
your  life  available  to  anyone  with  the  right  connections  and  or  the  right 
amount  of  money. 

What’s  also  interesting  is  that  while  there’s  a  lot  of  evidence  that  video 
surveillance  does  little  to  deter  or  solve  crime,  there  are  all  sorts  of  techno¬ 
logical  developments  that  are  making  video  a  great  way  to  monitor  people’s 
activities.  For  example,  check  out  the  way  cool  People  Tracking  Demo  from 
Numenta,  which  will  give  you  a  taste  of  what  can  be  done. 

And  here’s  the  thing:  It  doesn’t  matter  how  many  laws  we  enact,  all  that 
intelligence  about  you  is  out  there,  waiting  to  be  used  and  abused. 

What  makes  this  worse  is  that  we’ve  also  become  obsessed  with  social 
networking  and  we  now  reflexively  share  way  too  much  and  in  so  doing  just 
help  build  a  more  detailed  picture  of  ourselves  for  the  world  to  peruse. 

Forget  the  common  complaint  about  Twitterers  sharing  their  luncheon 
plans.  It’s  the  photos,  jokey  messages,  dubious  comments  and  indiscreet 
postings  that  we  put  into  the  public  domain  through  e-mail,  Facebook, 


MySpace,  Linkedln,  et  al. 

There  are  no  end  of  stories  about  people  not  being  hired  because  they 
posted  something  to  Facebook  or  told  the  world  something  that  should 
never  have  been  made  public  (by  the  way,  the  recent  Mashable  article  about 
a  young  lady  being  accidentally  and  spectacularly  indiscreet  was  not  true 
—  her  account  was  apparently  hacked). 

This  whole  “being  open  to  the  whole  world”  business  has  already  gone 
too  far  and  will,  without  doubt,  go  much  further  and  then  what  will  hap¬ 
pen?  Will  we  all  start  to  be  constrained,  as  comedian  Marc  Maron  sug¬ 
gested,  by  “surveillance  induced  morality”  and  feel  compelled  to  do  “the 
right  thing”  for  fear  of  getting  found  out,  or  will  we  become  a  society  of 
pathological  obfuscators? 

Most  of  us  who  spend  a  lot  of  time  online  are  Used  to  being  “economical 
with  the  truth”.  For  example,  I  rely  on  a  tool  called  Roboform  that  lets  me 
fill  out  subscription  forms  at  the  press  of  a  button  using  multiple  fictitious 
profiles.  This  saves  me  all  sorts  of  aggravation  and  keeps  my  real  persona 
(that  of  an  IT  superhero)  safely  hidden. 

So,  here’s  my  question:  What  happens  when  the  idea  of  being  discreet 
and  obfuscating  online  becomes  something  that  isn’t  restricted  to  the  dige¬ 
rati?  Will  social  networks  collapse?  Will  people  start  to  be  more  guarded 
about  the  details  of  their  lives?  Or  will  that  never  happen  because  people 
in  general  will  never  “get  it”? 

Of  course,  whatever  we  do  or  don’t  do  won’t  matter  that  much  as  the 
lowdown  on  who  we  are  and  what  we  do  will  be  out  there  anyway.  And 
whether  we  like  it  or  not  our  details  are  always  available  to  those  who  are 
really  interested  and  have  the  power  and  money  to  dig  deep.  ■ 

Gibbs  isn't  in  Ventura,  Calif.  Tell  him  all  at  backspin@gibbs.com. 


NETBUZZ  BY  PAUL  McNAMARA 

T-Mobile  folds  plan  to  charge  for  paper  bill 


UNDER  THE  CLOUD  of  a  class-action  lawsuit 
and  battered  by  a  barrage  of  negative  publicity 
—  not  the  least  of  which  occurred  on  my  blog  — 
T-Mobile  has  decided  that  its  threat  to  gouge  customers  an  additional  $1.50 
per  month  to  continue  getting  a  paper  bill  wasn’t  worth  the  pixels  it  was 
written  on. 

The  extra  fee  was  announced  during  the  summer  and  was  to  have  kicked 
in  Sept.  12.  Here’s  how  T-Mobile  explained  the  about-face  on  a  customer 
message  board:  “T-Mobile  is  committed  to  encouraging  customers  to  make 
the  move  to  paperless  billing.  It’s  a  great  alternative  to  paper  and  better  for 
the  environment. 

“Since  the  announcement  we’ve  heard  everything  from  kudos  to  con¬ 
cerns  about  the  move  to  paperless  —  especially  from  our  customers  who 
today  are  receiving  paper  bills  at  no  charge.  So,  we’ve  decided  to  not  charge 
our  customers  a  paper  bill  fee  for  now.  Instead,  we’ll  be  taking  more  time  to 
determine  the  fairest  way  possible  to  encourage  people  to  go  paperless.” 

T-Mobile  had  some  time  ago  scaled  back  to  sending  customers  only  a 
summarized  written  bill  and  instituted  a  $2  monthly  fee  for  those  wish¬ 
ing  to  receive  a  more  detailed  accounting.  The  latter  fee  will  apparently 
remain  in  place. 

Reaction  to  the  decision  forgo  the  additional  $1.50  charge  was  mixed, 
with  some  praising  the  company  for  “listening  to  its  customers”  and  others 
being  less  willing  to  forgive  or  forget. 

Wrote  one:  “Did  we  win?  Did  we,  the  little  people,  actually  win?  Huzzah!” 

Yes,  that’s  always  surprising,  but  what  truly  gobsmacked  me  during 
the  debate  over  T-Mobile’s  fee  grab  was  that  there  was  any  debate  at  all: 
Plenty  of  voices  were  raised  in  support  of  the  carrier’s  plan  and  most  of 
those  voices  were  swallowing  whole  the  nonsense  that  this  had  more  to  do 


with  saving  the  planet  than  padding  T-Mobile’s  bottom  line. 

It’s  always  been  about  the  money;  nothing  more,  nothing  less. 

As  for  the  company’s  ominous  pledge  to  “take  more  time  to  determine 
the  fairest  way  possible  to  encourage  people  to  go  paperless,”  one  customer 
on  that  message  board  did  a  fine  job  of  pointing  them  in  the  right  direction: 
‘Offer  a  discount,  as  others  have  suggested.  T-mobile  is  saving  money  on 
paperless  billing,  so  share  the  wealth  a  bit.” 

Sounds  fair.  Seems  unlikely. 

A  bit  off  topic 

This  one  doesn’t  have  much  to  do  with  technology  aside  from  pointing 
out  once  again  that  there  are  precious  few  questions  that  can’t  be  answered 
using  the  Internet. 

Mine  last  week  was:  How  long  does  The  World’s  Oldest  Person  (TWOP) 
have  left,  on  average,  after  being  so  designated?  It  was  prompted  by  news 
that  115-year-old  Gertrude  Baines  had  passed  away  in  Los  Angeles,  thereby 
passing  on  to  114-year-old  Kama  Chinen  of  Japan  the  title  of  TWOP. 

Baines  had  topped  the  list  only  since  January. 

Search  engines,  of  course,  were  invented  to  answer  questions  of  this  sort 
and  diminish  the  frequency  of  bar  fights. 

Google  “World’s  Oldest  Person,”  land  on  Wikipedia  —  which  despite  its 
flaws  and  quirks  remains  indisputably  indispensible  —  and  you  will  in 
mere  seconds  find  everything  you  ever  wanted  to  know  about  TWOPs. 

Except,  just  my  luck,  for  how  long  they  typically  live  after  ascending  to 
the  top  of  the  list;  for  that  I  had  to  do  some  light  math. 

Answer:  one  year  and  four  months,  give  or  take  a  day  or  two.  ■ 

There  is  no  charge  for  sending  me  e-mail.  The  address  is  buzz@nww.com. 
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ALTERNATIVE  THINKING  ABOUT  SERVER  ECONOMICS 


Now  more  than  ever,  you  need  your  money  to  work  harder.  With  the  new  generation 
of  HP  ProLiant  G6  Servers  with  Intel®  Xeon®  processor  5500  series  you  dramatically 
improve  energy  efficiency,  flexibility  and  performance.  And  more  reliability  in  each 
system  means  you  can  reduce  business  risk  as  you  increase  your  productivity. 

Decrease  your  IT  support  costs  to  an  absolute  minimum.  HP  Insight  Control  Suite  (ICE) 
will  help  you  to  reduce  operational  expenses  by  up  to  $48,380  per  100  users.* 

For  total  peace  of  mind,  HP  Care  Pack  Services  deliver  industry  leading  automated 
24X7  system  monitoring,  diagnosis  and  fault  notification  to  protect  your  investment. 

Making  you  and  your  business  shine. 

Technology  for  better  business  outcomes.  - 


Special  0%  financing  for  up  to  36  months  also  available.1 
more,  call  1-866-625-0812  or  visithp.com/go/G6superstar9 


inside 


Powerful. 

Intelligent 


rerrorm  like  a  superstar. 
Save  like  an  accountant 


HP  BladeSystem  c3000  Enclosure 


HP  ProLiant  BL460c  G6  Server  Blade 


HP  ProLiant  DL360  G6  Server 


Lease  for  just  $85/mo." 
BWffl'.TMbv  [PN  481657-001] 


Lease  for  just  $54/mo.‘' 
EffWMiv  [PN  532020  B21] 


Lease  for  just  $72/mo 
SHE  Buy  [PN:519567005] 
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With  NetApp®  at  the  heart  of  your  business,  you  can 


sFORTLESSLY  HOLD  YOUR  DATA 

at  a  fraction  of  the  cost  and  footprint. 


i  r 


Imagine  storage  and  data  management  solutions  smart  enough  to  support  the  data  you  need,  and  not  a  lot  of  dead  weight. 

It’s  possible  when  you  partner  with  NetApp.  Our  industry-leading  solutions  use  deduplication  and  other  space-saving  technologies 
to  help  you  store  data  efficiently  and  reduce  your  footprint  by  50%  or  more.  So  you  can  manage  exponential  growth  while 
minimizing  your  storage  investment — all  with  the  support  of  a  team  that  will  exceed  your  expectations.  See  how  we  can  help 
your  business  go  further,  faster.  Find  out  how  you  can  use  50%  less  storage,  guaranteed,*  at  netapp.com/efficiency. 


NetApp 

Go  further,  faster 


©  2008  NetApp.  All  rights  reserved.  Specifications  are  subject  to  change  without  notice.  NetApp,  the  NetApp  logo,  and  Go  further,  faster  are  trademarks  or  registered  trademarks  of  NetApp,  Inc.  in  the  United 
States  and/or  other  countries.  All  other  brands  or  products  are  trademarks  or  registered  trademarks  of  their  respective  holders  and  should  be  treated  as  such.  ’This  guarantee  and  related  Program  is  limited  to 
the  terms  set  forth  in  the  Program  Guide  and  Acknowledgement  For  50%  Virtualization  Guarantee  Program  document,  applicable  only  to  prospective  orders  placed  after  the  Program  effective  date  and  is  dependent 
upon  your  compliance  with  the  terms  and  conditions  set  forth  in  this  document  and  any  of  the  instruction  sets  and  specifications  set  forth  in  the  referenced  documents.  NetApp's  sole  and  exclusive  liability  and 
your  sole  and  exclusive  remedy  associated  with  the  terms  of  this  guarantee  and  related  Program  is  the  provision  by  NetApp  of  the  additional  storage  capacity  as  set  forth  in  this  guarantee  and  related  Program. 


